/*  $OpenBSD: libcrux_mlkem768_sha3.h,v 1.4 2025/11/13 05:13:06 djm Exp $ */

/* Extracted from libcrux revision 026a87ab6d88ad3626b9fbbf3710d1e0483c1849 */

/*
 * MIT License
 *
 * Copyright (c) 2024 Cryspen
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

/* Compilers that do not identify as GCC 2 or later get __attribute__ compiled away. */
#if !defined(__GNUC__) || (__GNUC__ < 2)
# define __attribute__(x)
#endif
/* Inlining hints used by the generated code further down in this file. */
#define KRML_MUSTINLINE inline
#define KRML_NOINLINE __attribute__((noinline, unused))
/*
 * Expands to nothing: any diagnostic text handed to KRML_HOST_EPRINTF
 * (for example the "unwrap not Ok" messages) is discarded in this build.
 */
#define KRML_HOST_EPRINTF(...)
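/*
 * Fatal-error hook for the generated code. The status argument is ignored;
 * fatal_f() is called with a fixed message and is expected to be supplied by
 * the including program.
 */
#define KRML_HOST_EXIT(x) fatal_f("internal error")

/* Write src to dst as 8 bytes, least significant byte first. */
static inline void
store64_le(uint8_t dst[8], uint64_t src)
{
	dst[0] = src & 0xff;
	dst[1] = (src >> 8) & 0xff;
	dst[2] = (src >> 16) & 0xff;
	dst[3] = (src >> 24) & 0xff;
	dst[4] = (src >> 32) & 0xff;
	dst[5] = (src >> 40) & 0xff;
	dst[6] = (src >> 48) & 0xff;
	dst[7] = (src >> 56) & 0xff;
}

/* Write src to dst as 4 bytes, least significant byte first. */
static inline void
store32_le(uint8_t dst[4], uint32_t src)
{
	dst[0] = src & 0xff;
	dst[1] = (src >> 8) & 0xff;
	dst[2] = (src >> 16) & 0xff;
	dst[3] = (src >> 24) & 0xff;
}

/* Write src to dst as 4 bytes, most significant byte first. */
static inline void
store32_be(uint8_t dst[4], uint32_t src)
{
	dst[0] = (src >> 24) & 0xff;
	dst[1] = (src >> 16) & 0xff;
	dst[2] = (src >> 8) & 0xff;
	dst[3] = src & 0xff;
}

/* Read 8 bytes from src as a little-endian 64-bit value. */
static inline uint64_t
load64_le(uint8_t src[8])
{
	return (uint64_t)(src[0]) |
	    ((uint64_t)(src[1]) << 8) |
	    ((uint64_t)(src[2]) << 16) |
	    ((uint64_t)(src[3]) << 24) |
	    ((uint64_t)(src[4]) << 32) |
	    ((uint64_t)(src[5]) << 40) |
	    ((uint64_t)(src[6]) << 48) |
	    ((uint64_t)(src[7]) << 56);
}

/* Read 4 bytes from src as a little-endian 32-bit value. */
static inline uint32_t
load32_le(uint8_t src[4])
{
	return (uint32_t)(src[0]) |
	    ((uint32_t)(src[1]) << 8) |
	    ((uint32_t)(src[2]) << 16) |
	    ((uint32_t)(src[3]) << 24);
}

#ifdef MISSING_BUILTIN_POPCOUNT
/*
 * Fallback for compilers without __builtin_popcount: counts the set bits of
 * num one nibble at a time through a 16-entry table.
 *
 * Every nibble is visited, not just the low two, because this file also
 * defines core_num__i32__count_ones(), which passes a full 32-bit value.
 * Results for inputs below 256 are unchanged.
 */
static inline unsigned int
__builtin_popcount(unsigned int num)
{
	const int v[16] = { 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4 };
	unsigned int count = 0;

	for (; num != 0; num >>= 4)
		count += v[num & 0xf];
	return count;
}
#endif

/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/eurydice_glue.h */
#pragma once


#ifdef _MSC_VER
// For __popcnt
#endif


// C++ HELPERS

#if defined(__cplusplus)

// Only takes effect when no KRML_HOST_EPRINTF was defined earlier.
#ifndef KRML_HOST_EPRINTF
#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
#endif


#ifndef __cpp_lib_type_identity
template <class T>
struct type_identity {
  using type = T;
};

template <class T>
using type_identity_t = typename type_identity<T>::type;
#else
using std::type_identity_t;
#endif

#define KRML_UNION_CONSTRUCTOR(T) \
  template <typename V> \
  constexpr T(int t, V U::*m, type_identity_t<V> v) : tag(t) { \
    val.*m = std::move(v); \
  } \
  T() = default;

#endif

// GENERAL-PURPOSE STUFF

#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e)

// When `test` is false, prints `msg` with file and line to stderr and exits
// with status 255.
#define EURYDICE_ASSERT(test, msg) \
  do { \
    if (!(test)) { \
      fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \
              __FILE__, __LINE__); \
      exit(255); \
    } \
  } while (0)

// SLICES, ARRAYS, ETC.

// We represent a slice as a pair of an (untyped) pointer, along with the length
// of the slice, i.e. the number of elements in the slice (this is NOT the
// number of bytes). This design choice has two important consequences.
// - if you need to use `ptr`, you MUST cast it to a proper type *before*
//   performing pointer arithmetic on it (remember that C desugars pointer
//   arithmetic based on the type of the address)
// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you
//   need to multiply it by sizeof t, where t is the type of the elements.
//
// Empty slices have `len == 0` and `ptr` always needs to be a valid pointer
// that is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL
// + start`).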
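// Untyped fat pointer: `len` counts elements, not bytes. Nothing in this type
// or in the macros below checks an index against `len`; bounds are the
// caller's responsibility.
typedef struct {
  void *ptr;
  size_t len;
} Eurydice_slice;

#if defined(__cplusplus)
#define KRML_CLITERAL(type) type
#else
#define KRML_CLITERAL(type) (type)
#endif

#if defined(__cplusplus) && defined(__cpp_designated_initializers) || \
    !(defined(__cplusplus))
#define EURYDICE_CFIELD(X) X
#else
#define EURYDICE_CFIELD(X)
#endif

// Helper macro to create a slice out of a pointer x, a start index in x
// (included), and an end index in x (excluded). The argument x must be suitably
// cast to something that can decay (see remark above about how pointer
// arithmetic works in C), meaning either pointer or array type.
//
// Each argument is parenthesized in the expansion so that compound index
// expressions (e.g. `a + b`) yield the intended pointer offset and length;
// without that, `end - start` would mis-associate for such arguments.
#define EURYDICE_SLICE(x, start, end) \
  (KRML_CLITERAL(Eurydice_slice){(void *)((x) + (start)), (end) - (start)})

// Slice length
#define EURYDICE_SLICE_LEN(s, _) (s).len
#define Eurydice_slice_len(s, _) (s).len

// This macro is a pain because in case the dereferenced element type is an
// array, you cannot simply write `t x` as it would yield `int[4] x` instead,
// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
// adds an extra argument to this macro at the last minute so that we have the
// correct type of *pointers* to elements.
// Note: `i` is used as-is; no comparison against `s.len` is made here.
#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])

// The following functions get sub slices from a slice.

#define Eurydice_slice_subslice(s, r, t, _0, _1) \
  EURYDICE_SLICE((t *)s.ptr, r.start, r.end)

// Variant for when the start and end indices are statically known (i.e., the
// range argument `r` is a literal).
#define Eurydice_slice_subslice2(s, start, end, t) \
  EURYDICE_SLICE((t *)s.ptr, (start), (end))

// Previous version above does not work when t is an array type (as usual). Will
// be deprecated soon.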
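// Sub-slice variant where the caller passes the element *pointer* type.
#define Eurydice_slice_subslice3(s, start, end, t_ptr) \
  EURYDICE_SLICE((t_ptr)s.ptr, (start), (end))

// The index arguments below are parenthesized before being forwarded, so a
// compound expression such as `a + b` keeps its meaning inside EURYDICE_SLICE.
// None of these macros compares an index with the slice or array length.
#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _0, _1) \
  EURYDICE_SLICE((t *)s.ptr, 0, (subslice_end_pos))

#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _0, _1) \
  EURYDICE_SLICE((t *)s.ptr, (subslice_start_pos), s.len)

#define Eurydice_array_to_slice(end, x, t) \
  EURYDICE_SLICE(x, 0, \
                 (end)) /* x is already at an array type, no need for cast */
#define Eurydice_array_to_subslice(_arraylen, x, r, t, _0, _1) \
  EURYDICE_SLICE((t *)x, r.start, r.end)

// Same as above, variant for when start and end are statically known
#define Eurydice_array_to_subslice2(x, start, end, t) \
  EURYDICE_SLICE((t *)x, (start), (end))

// Same as above, variant for when start and end are statically known
#define Eurydice_array_to_subslice3(x, start, end, t_ptr) \
  EURYDICE_SLICE((t_ptr)x, (start), (end))

// Expands to text that is not valid C; presumably this is intentional so that
// any use surviving code generation fails the build.
#define Eurydice_array_repeat(dst, len, init, t) \
  ERROR "should've been desugared"

// The following functions convert an array into a slice.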
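
// Index and size arguments are parenthesized before use so that compound
// expressions keep their meaning after expansion.
#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _0) \
  EURYDICE_SLICE((t *)x, 0, (r))
#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _0) \
  EURYDICE_SLICE((t *)x, (r), (size))

// Copy a slice with memcopy
// The byte count comes from dst.len only; src.len is not consulted, so the
// caller must ensure src holds at least dst.len elements.
#define Eurydice_slice_copy(dst, src, t) \
  memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))

#define core_array___Array_T__N___as_slice(len_, ptr_, t, _ret_t) \
  KRML_CLITERAL(Eurydice_slice) { ptr_, len_ }

#define core_array__core__clone__Clone_for__Array_T__N___clone( \
    len, src, dst, elem_type, _ret_t) \
  (memcpy(dst, src, (len) * sizeof(elem_type)))
#define TryFromSliceError uint8_t
#define core_array_TryFromSliceError uint8_t

// Equality via memcmp. memcmp gives no constant-time guarantee, so these are
// suitable for public data only -- confirm no caller compares secrets here.
#define Eurydice_array_eq(sz, a1, a2, t) (memcmp(a1, a2, (sz) * sizeof(t)) == 0)

// core::cmp::PartialEq<&0 (@Slice<U>)> for @Array<T, N>
#define Eurydice_array_eq_slice(sz, a1, s2, t, _) \
  (memcmp(a1, (s2)->ptr, (sz) * sizeof(t)) == 0)

// Eurydice_array_eq takes four parameters; the extra `_` is dropped when
// forwarding, otherwise any expansion of these two macros is a preprocessor
// error.
#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
    sz, a1, a2, t, _, _ret_t) \
  Eurydice_array_eq(sz, a1, a2, t)
#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \
    sz, a1, a2, t, _, _ret_t) \
  Eurydice_array_eq(sz, a1, ((a2)->ptr), t)

// Split `slice` at element index `mid` into (fst, snd). `mid` is not compared
// with `slice.len`; a larger value makes the second length wrap around.
#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
  KRML_CLITERAL(ret_t) { \
    EURYDICE_CFIELD(.fst =) \
    EURYDICE_SLICE((element_type *)(slice).ptr, 0, (mid)), \
        EURYDICE_CFIELD(.snd =) \
            EURYDICE_SLICE((element_type *)(slice).ptr, (mid), (slice).len) \
  }

#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
  KRML_CLITERAL(ret_t) { \
    EURYDICE_CFIELD(.fst =) \
    KRML_CLITERAL(Eurydice_slice){EURYDICE_CFIELD(.ptr =)(slice.ptr), \
                                  EURYDICE_CFIELD(.len =)(mid)}, \
        EURYDICE_CFIELD(.snd =) KRML_CLITERAL(Eurydice_slice) { \
      EURYDICE_CFIELD(.ptr =) \
      ((char *)slice.ptr + (mid) * sizeof(element_type)), \
          EURYDICE_CFIELD(.len =)(slice.len - (mid)) \
    } \
  }

// Conversion of slice to an array, rewritten (by Eurydice) to name the
// destination array, since arrays are not values in C.
// N.B.: see note in karamel/lib/Inlining.ml if you change this.
#define Eurydice_slice_to_array2(dst, src, _0, t_arr, _1) \
  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
                           sizeof(t_arr))

// Copies `sz` bytes from src.ptr into dst_ok and marks the result with tag 0.
// The tag is written unconditionally and src.len is never examined, so no
// error result is ever produced here: the caller must guarantee that src
// really holds at least `sz` bytes.
static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
                                            Eurydice_slice src, size_t sz) {
  *dst_tag = 0;
  memcpy(dst_ok, src.ptr, sz);
}

// SUPPORT FOR DSTs (Dynamically-Sized Types)

// A DST is a fat pointer that keeps tracks of the size of it flexible array
// member. Slices are a specific case of DSTs, where [T; N] implements
// Unsize<[T]>, meaning an array of statically known size can be converted to a
// fat pointer, i.e. a slice.
//
// Unlike slices, DSTs have a built-in definition that gets monomorphized, of
// the form:
//
// typedef struct {
//   T *ptr;
//   size_t len; // number of elements
// } Eurydice_dst;
//
// Furthermore, T = T0<[U0]> where `struct T0<U: ?Sized>`, where the `U` is the
// last field. This means that there are two monomorphizations of T0 in the
// program. One is `T0<[V; N]>`
// -- this is directly converted to a Eurydice_dst via suitable codegen (no
// macro). The other is `T = T0<[U]>`, where `[U]` gets emitted to
// `Eurydice_derefed_slice`, a type that only appears in that precise situation
// and is thus defined to give rise to a flexible array member.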

// Incomplete char array type; per the DST note in this file it stands in for
// `[U]` so that the enclosing struct ends in a flexible array member.
typedef char Eurydice_derefed_slice[];

// Both macros below wrap a pointer and an element count into a slice; the
// pointer is cast to void * and the count is taken as given.
#define Eurydice_slice_of_dst(fam_ptr, len_, t, _) \
  ((Eurydice_slice){.ptr = (void *)(fam_ptr), .len = len_})

#define Eurydice_slice_of_boxed_array(ptr_, len_, t, _) \
  ((Eurydice_slice){.ptr = (void *)(ptr_), .len = len_})

// CORE STUFF (conversions, endianness, ...)

// We slap extern "C" on declarations that intend to implement a prototype
// generated by Eurydice, because Eurydice prototypes are always emitted within
// an extern "C" block, UNLESS you use -fcxx17-compat, in which case, you must
// pass -DKRML_CXX17_COMPAT="" to your C++ compiler.
#if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT)
extern "C" {
#endif

// The wrappers below give the byte-order helpers the names the generated code
// calls; note the argument order is (value, buffer) here and (buffer, value)
// in the store helpers.
static inline void core_num__u32__to_be_bytes(uint32_t src, uint8_t dst[4]) {
  store32_be(dst, src);
}

static inline void core_num__u32__to_le_bytes(uint32_t src, uint8_t dst[4]) {
  store32_le(dst, src);
}

static inline uint32_t core_num__u32__from_le_bytes(uint8_t buf[4]) {
  return load32_le(buf);
}

static inline void core_num__u64__to_le_bytes(uint64_t v, uint8_t buf[8]) {
  store64_le(buf, v);
}

static inline uint64_t core_num__u64__from_le_bytes(uint8_t buf[8]) {
  return load64_le(buf);
}

// Widening integer conversions: each returns its argument through C's implicit
// conversion to the wider return type.
static inline int64_t core_convert_num___core__convert__From_i32__for_i64__from(
    int32_t x) {
  return x;
}

static inline uint64_t core_convert_num___core__convert__From_u8__for_u64__from(
    uint8_t x) {
  return x;
}

static inline uint64_t
core_convert_num___core__convert__From_u16__for_u64__from(uint16_t x) {
  return x;
}

static inline size_t
core_convert_num___core__convert__From_u16__for_usize__from(uint16_t x) {
  return x;
}

// Number of set bits in x0, using __popcnt on MSVC and __builtin_popcount
// elsewhere.
static inline uint32_t core_num__u8__count_ones(uint8_t x0) {
#ifdef _MSC_VER
  return __popcnt(x0);
#else
  return __builtin_popcount(x0);
#endif
}
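
// Number of set bits in x0, using __popcnt on MSVC and __builtin_popcount
// elsewhere.
static inline uint32_t core_num__i32__count_ones(int32_t x0) {
#ifdef _MSC_VER
  return __popcnt(x0);
#else
  return __builtin_popcount(x0);
#endif
}

// Smaller of two size_t values.
static inline size_t core_cmp_impls___core__cmp__Ord_for_usize__min(size_t a,
                                                                    size_t b) {
  if (a <= b)
    return a;
  else
    return b;
}

// unsigned overflow wraparound semantics in C
static inline uint16_t core_num__u16__wrapping_add(uint16_t x, uint16_t y) {
  return x + y;
}
static inline uint8_t core_num__u8__wrapping_sub(uint8_t x, uint8_t y) {
  return x - y;
}
// Rotate x0 left by x1 bits, with the count taken modulo 64. Masking both
// shift amounts keeps them in 0..63: without it a count of 0 (or 64 and above)
// shifts a 64-bit value by 64 or more bits, which is undefined behaviour in C.
static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1) {
  uint32_t n = x1 & 63U;
  return (x0 << n) | (x0 >> ((64U - n) & 63U));
}

// In-place `*x0 += *x1` on signed 32-bit values.
// NOTE(review): signed overflow is undefined in C -- confirm callers keep the
// operands in range.
static inline void core_ops_arith__i32__add_assign(int32_t *x0, int32_t *x1) {
  *x0 = *x0 + *x1;
}

// Bitwise AND of the byte behind p with v.
static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) {
  return (*p) & v;
}
// Right shift of the byte behind p by v bits.
// NOTE(review): v is not range-checked; a negative or oversized count is
// undefined in C -- confirm callers pass small non-negative values.
static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) {
  return (*p) >> v;
}
// Smaller of two uint32_t values.
static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) {
  return x < y ? x : y;
}

// The two functions below forward to the Eurydice_*_pv_u8 helpers under the
// names the generated code uses.
static inline uint8_t
core_ops_bit___core__ops__bit__BitAnd_u8__u8__for___a__u8___46__bitand(
    uint8_t *x0, uint8_t x1) {
  return Eurydice_bitand_pv_u8(x0, x1);
}

static inline uint8_t
core_ops_bit___core__ops__bit__Shr_i32__u8__for___a__u8___792__shr(uint8_t *x0,
                                                                   int32_t x1) {
  return Eurydice_shr_pv_u8(x0, x1);
}

#define core_num_nonzero_private_NonZeroUsizeInner size_t
// Clone of a NonZeroUsizeInner: returns the pointed-to value.
static inline core_num_nonzero_private_NonZeroUsizeInner
core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__NonZeroUsizeInner__26__clone(
    core_num_nonzero_private_NonZeroUsizeInner *x0) {
  return *x0;
}

#if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT)
}
#endif

// ITERATORS

// Yields {tag = 0, f0 = 0} once start has reached end; otherwise yields
// {tag = 1, f0 = start} and post-increments start.
#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
  (((iter_ptr)->start >= (iter_ptr)->end) \
       ? (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 0, \
                               EURYDICE_CFIELD(.f0 =) 0}) \
       : (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 1, \
                               EURYDICE_CFIELD(.f0 =)(iter_ptr)->start++}))

#define core_iter_range___core__iter__traits__iterator__Iterator_A__for_core__ops__range__Range_A__TraitClause_0___6__next \
  Eurydice_range_iter_next

// See note in karamel/lib/Inlining.ml if you change this
#define Eurydice_into_iter(x, t, _ret_t, _) (x)
#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_Clause1_Item__I__for_I__1__into_iter \
  Eurydice_into_iter

// Iterator state for walking a slice in chunks of chunk_size elements.
typedef struct {
  Eurydice_slice slice;
  size_t chunk_size;
} Eurydice_chunks;

// Can't use macros Eurydice_slice_subslice_{to,from} because they require a
// type, and this static inline function cannot receive a type as an argument.
// Instead, we receive the element size and use it to peform manual offset
// computations rather than going through the macros.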
// Detaches the next chunk from the front of `chunks` and returns it. The chunk
// holds chunk_size elements, or all remaining elements when fewer are left.
// `element_size` is the size in bytes of one element and is used to advance
// the untyped pointer.
static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks,
                                        size_t element_size) {
  size_t remaining = chunks->slice.len;
  size_t take = chunks->chunk_size;
  if (remaining < take) {
    // Final, short chunk.
    take = remaining;
  }

  Eurydice_slice head;
  head.len = take;
  head.ptr = chunks->slice.ptr;

  // Step past the elements just handed out.
  chunks->slice.len = remaining - take;
  chunks->slice.ptr = (char *)(chunks->slice.ptr) + take * element_size;
  return head;
}

#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \
  ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_})
// Drops the trailing partial chunk by rounding len down to a multiple of sz_.
// sz_ must be non-zero: the expansion computes `slice_.len % sz_`.
#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \
  ((Eurydice_chunks){ \
      .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \
      .chunk_size = sz_})
#define core_slice_iter_Chunks Eurydice_chunks
#define core_slice_iter_ChunksExact Eurydice_chunks
// None once the remaining length is zero, otherwise Some(next chunk).
#define Eurydice_chunks_next(iter, t, ret_t) \
  (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \
                            : ((ret_t){.tag = core_option_Some, \
                                       .f0 = chunk_next(iter, sizeof(t))}))
#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next \
  Eurydice_chunks_next
// This name changed on 20240627
#define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next \
  Eurydice_chunks_next
// NOTE(review): the name this forwards to is not defined anywhere in the part
// of the file shown here -- confirm it resolves before relying on this macro.
#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \
    iter, t, _ret_t) \
  core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t)

// Cursor over a slice: `index` is the position of the next element to yield.
typedef struct {
  Eurydice_slice s;
  size_t index;
} Eurydice_slice_iterator;

#define core_slice___Slice_T___iter(x, t, _ret_t) \
  ((Eurydice_slice_iterator){.s = x, .index = 0})
#define core_slice_iter_Iter Eurydice_slice_iterator
// None when index has reached s.len; otherwise advances index and yields a
// pointer to the element it just stepped over.
#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \
                                                                  ret_t) \
  (((iter)->index == (iter)->s.len) \
       ? (KRML_CLITERAL(ret_t){.tag = core_option_None}) \
       : (KRML_CLITERAL(ret_t){ \
             .tag = core_option_Some, \
             .f0 = ((iter)->index++, \
                    &((t *)((iter)->s.ptr))[(iter)->index - 1])}))
#define core_option__core__option__Option_T__TraitClause_0___is_some(X, _0, \
                                                                     _1) \
  ((X)->tag == 1)
// STRINGS

typedef const char *Prims_string;

// MISC (UNTESTED)

typedef void *core_fmt_Formatter;
typedef void *core_fmt_Arguments;
typedef void *core_fmt_rt_Argument;
#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \
                                                                x4) \
  NULL

// BOXES

// Crimes.
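// Allocates `sz` bytes and fills them with a copy of `init`. Ownership of the
// returned buffer passes to the caller.
//
// Allocation failure is treated as fatal through the same KRML_HOST_EPRINTF /
// KRML_HOST_EXIT path the unwrap helpers in this file use, instead of handing
// a NULL pointer to memcpy. A NULL result for a zero-byte request is passed
// back unchanged, since malloc(0) may legitimately return NULL.
static inline char *malloc_and_init(size_t sz, char *init) {
  char *ptr = (char *)malloc(sz);
  if (ptr == NULL) {
    if (sz != 0) {
      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                        "malloc failed");
      KRML_HOST_EXIT(255U);
    }
    // Also reached if the exit hook returns: never copy through NULL.
    return NULL;
  }
  memcpy(ptr, init, sz);
  return ptr;
}

#define Eurydice_box_new(init, t, t_dst) \
  ((t_dst)(malloc_and_init(sizeof(t), (char *)(&init))))

// NOTE(review): `len * sizeof(t)` is not checked for overflow -- confirm that
// callers only pass small, trusted lengths.
#define Eurydice_box_new_array(len, ptr, t, t_dst) \
  ((t_dst)(malloc_and_init((len) * sizeof(t), (char *)(ptr))))

/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem_core.h */
/*
 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info (at) cryspen.com>
 *
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
 */

#ifndef libcrux_mlkem_core_H
#define libcrux_mlkem_core_H


#if defined(__cplusplus)
extern "C" {
#endif

/**
A monomorphic instance of core.ops.range.Range
with types size_t

*/
typedef struct core_ops_range_Range_08_s {
  size_t start;
  size_t end;
} core_ops_range_Range_08;

static inline uint16_t core_num__u16__wrapping_add(uint16_t x0, uint16_t x1);

static inline uint64_t core_num__u64__from_le_bytes(uint8_t x0[8U]);

static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1);

static inline void core_num__u64__to_le_bytes(uint64_t x0, uint8_t x1[8U]);

static inline uint32_t core_num__u8__count_ones(uint8_t x0);

static inline uint8_t core_num__u8__wrapping_sub(uint8_t x0, uint8_t x1);

#define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U)

#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U)

#define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U)

#define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \
  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U)

#define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \
  (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)

#define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U)

#define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U)

#define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U)

/**
 K * BITS_PER_RING_ELEMENT / 8

 [eurydice] Note that we can't use const generics here because that breaks
            C extraction with eurydice.
*/
static inline size_t libcrux_ml_kem_constants_ranked_bytes_per_ring_element(
    size_t rank) {
  return rank * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U;
}

/*
 * The classify_* and declassify_* functions that follow all return their
 * argument unchanged. In this C extraction they are markers carried over from
 * the libcrux_secrets traits named in their comments; they perform no work and
 * give no protection at run time. The as_* helpers combine them with a plain
 * C cast between integer types.
 */

/**
This function found in impl {libcrux_secrets::traits::Classify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.classify_27
with types uint8_t

*/
static KRML_MUSTINLINE uint8_t
libcrux_secrets_int_public_integers_classify_27_90(uint8_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::traits::Declassify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
with types int16_t

*/
static KRML_MUSTINLINE int16_t
libcrux_secrets_int_public_integers_declassify_d8_39(int16_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for i16}
*/
static KRML_MUSTINLINE uint8_t libcrux_secrets_int_as_u8_f5(int16_t self) {
  return libcrux_secrets_int_public_integers_classify_27_90(
      (uint8_t)libcrux_secrets_int_public_integers_declassify_d8_39(self));
}

/**
This function found in impl {libcrux_secrets::traits::Classify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.classify_27
with types int16_t

*/
static KRML_MUSTINLINE int16_t
libcrux_secrets_int_public_integers_classify_27_39(int16_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::traits::Declassify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
with types uint8_t

*/
static KRML_MUSTINLINE uint8_t
libcrux_secrets_int_public_integers_declassify_d8_90(uint8_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for u8}
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_59(uint8_t self) {
  return libcrux_secrets_int_public_integers_classify_27_39(
      (int16_t)libcrux_secrets_int_public_integers_declassify_d8_90(self));
}

/**
This function found in impl {libcrux_secrets::traits::Classify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.classify_27
with types int32_t

*/
static KRML_MUSTINLINE int32_t
libcrux_secrets_int_public_integers_classify_27_a8(int32_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for i16}
*/
static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_f5(int16_t self) {
  return libcrux_secrets_int_public_integers_classify_27_a8(
      (int32_t)libcrux_secrets_int_public_integers_declassify_d8_39(self));
}

/**
This function found in impl {libcrux_secrets::traits::Declassify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
with types int32_t

*/
static KRML_MUSTINLINE int32_t
libcrux_secrets_int_public_integers_declassify_d8_a8(int32_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for i32}
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_36(int32_t self) {
  return libcrux_secrets_int_public_integers_classify_27_39(
      (int16_t)libcrux_secrets_int_public_integers_declassify_d8_a8(self));
}

/**
This function found in impl {libcrux_secrets::traits::Declassify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
with types uint32_t

*/
static KRML_MUSTINLINE uint32_t
libcrux_secrets_int_public_integers_declassify_d8_df(uint32_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for u32}
*/
static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_b8(uint32_t self) {
  return libcrux_secrets_int_public_integers_classify_27_a8(
      (int32_t)libcrux_secrets_int_public_integers_declassify_d8_df(self));
}

/**
This function found in impl {libcrux_secrets::traits::Classify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.classify_27
with types uint16_t

*/
static KRML_MUSTINLINE uint16_t
libcrux_secrets_int_public_integers_classify_27_de(uint16_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for i16}
*/
static KRML_MUSTINLINE uint16_t libcrux_secrets_int_as_u16_f5(int16_t self) {
  return libcrux_secrets_int_public_integers_classify_27_de(
      (uint16_t)libcrux_secrets_int_public_integers_declassify_d8_39(self));
}

/**
This function found in impl {libcrux_secrets::traits::Declassify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
with types uint16_t

*/
static KRML_MUSTINLINE uint16_t
libcrux_secrets_int_public_integers_declassify_d8_de(uint16_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for u16}
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_ca(uint16_t self) {
  return libcrux_secrets_int_public_integers_classify_27_39(
      (int16_t)libcrux_secrets_int_public_integers_declassify_d8_de(self));
}

/**
This function found in impl {libcrux_secrets::traits::Classify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.classify_27
with types uint64_t

*/
static KRML_MUSTINLINE uint64_t
libcrux_secrets_int_public_integers_classify_27_49(uint64_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for u16}
*/
static KRML_MUSTINLINE uint64_t libcrux_secrets_int_as_u64_ca(uint16_t self) {
  return libcrux_secrets_int_public_integers_classify_27_49(
      (uint64_t)libcrux_secrets_int_public_integers_declassify_d8_de(self));
}

/**
This function found in impl {libcrux_secrets::traits::Classify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.classify_27
with types uint32_t

*/
static KRML_MUSTINLINE uint32_t
libcrux_secrets_int_public_integers_classify_27_df(uint32_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::traits::Declassify<T> for T}
*/
/**
A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
with types uint64_t

*/
static KRML_MUSTINLINE uint64_t
libcrux_secrets_int_public_integers_declassify_d8_49(uint64_t self) {
  return self;
}

/**
This function found in impl {libcrux_secrets::int::CastOps for u64}
*/
static KRML_MUSTINLINE uint32_t libcrux_secrets_int_as_u32_a3(uint64_t self) {
  return libcrux_secrets_int_public_integers_classify_27_df(
      (uint32_t)libcrux_secrets_int_public_integers_declassify_d8_49(self));
}

/**
This function found in impl {libcrux_secrets::int::CastOps for u32}
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_b8(uint32_t self) {
  return libcrux_secrets_int_public_integers_classify_27_39(
      (int16_t)libcrux_secrets_int_public_integers_declassify_d8_df(self));
}

/**
This function found in impl {libcrux_secrets::int::CastOps for i16}
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_f5(int16_t self) {
  return libcrux_secrets_int_public_integers_classify_27_39(
      libcrux_secrets_int_public_integers_declassify_d8_39(self));
}

typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s {
  uint8_t fst[1152U];
  uint8_t snd[1184U];
} libcrux_ml_kem_utils_extraction_helper_Keypair768;

/* Tag values for the Result_* structs below. These are very short macro names
 * and are visible to everything that includes this header. */
#define Ok 0
#define Err 1

typedef uint8_t Result_b2_tags;

/**
A monomorphic instance of core.result.Result
with types uint8_t[24size_t], core_array_TryFromSliceError

*/
typedef struct Result_b2_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[24U];
    TryFromSliceError case_Err;
  } val;
} Result_b2;

/**
This function found in impl {core::result::Result<T, E>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of core.result.unwrap_26
with types uint8_t[24size_t], core_array_TryFromSliceError

*/
/* Copies the Ok payload into ret. Any other tag goes to KRML_HOST_EXIT; ret is
 * not written on that path, so the exit hook must not return. */
static inline void unwrap_26_70(Result_b2 self, uint8_t ret[24U]) {
  if (self.tag == Ok) {
    uint8_t f0[24U];
    memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));
    memcpy(ret, f0, (size_t)24U * sizeof(uint8_t));
  } else {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
  }
}

/**
A monomorphic instance of core.result.Result
with types uint8_t[20size_t], core_array_TryFromSliceError

*/
typedef struct Result_e1_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[20U];
    TryFromSliceError case_Err;
  } val;
} Result_e1;

/**
This function found in impl {core::result::Result<T, E>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of core.result.unwrap_26
with types uint8_t[20size_t], core_array_TryFromSliceError

*/
/* Same contract as the 24-byte variant: Ok payload copied to ret, anything
 * else goes to KRML_HOST_EXIT without writing ret. */
static inline void unwrap_26_20(Result_e1 self, uint8_t ret[20U]) {
  if (self.tag == Ok) {
    uint8_t f0[20U];
    memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t));
    memcpy(ret, f0, (size_t)20U * sizeof(uint8_t));
  } else {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
  }
}

/**
 Pad the `slice` with `0`s at the end.
*/
/**
A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
with const generics
- LEN= 32
*/
/* NOTE(review): the copy length is the length of `slice`, and nothing here
 * compares it with the 32-byte `out` buffer; a longer slice would write past
 * `out`. Callers must guarantee slice.len <= 32. */
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_9e(
    Eurydice_slice slice, uint8_t ret[32U]) {
  uint8_t out[32U] = {0U};
  uint8_t *uu____0 = out;
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(
          uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *),
      slice, uint8_t);
  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
}

/**
A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
with const generics
- $2400size_t
*/
typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s {
  uint8_t value[2400U];
} libcrux_ml_kem_types_MlKemPrivateKey_d9;

/**
This function found in impl {core::default::Default for
libcrux_ml_kem::types::MlKemPrivateKey<SIZE>}
*/
/**
A monomorphic instance of libcrux_ml_kem.types.default_d3
with const generics
- SIZE= 2400
*/
/* Returns a private-key struct whose 2400-byte value is all zero. */
static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_types_default_d3_28(void) {
  return (
      KRML_CLITERAL(libcrux_ml_kem_types_MlKemPrivateKey_d9){.value = {0U}});
}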
1002 1003 /** 1004 A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey 1005 with const generics 1006 - $1184size_t 1007 */ 1008 typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s { 1009 uint8_t value[1184U]; 1010 } libcrux_ml_kem_types_MlKemPublicKey_30; 1011 1012 /** 1013 This function found in impl {core::convert::From<@Array<u8, SIZE>> for 1014 libcrux_ml_kem::types::MlKemPublicKey<SIZE>} 1015 */ 1016 /** 1017 A monomorphic instance of libcrux_ml_kem.types.from_fd 1018 with const generics 1019 - SIZE= 1184 1020 */ 1021 static inline libcrux_ml_kem_types_MlKemPublicKey_30 1022 libcrux_ml_kem_types_from_fd_d0(uint8_t value[1184U]) { 1023 /* Passing arrays by value in Rust generates a copy in C */ 1024 uint8_t copy_of_value[1184U]; 1025 memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); 1026 libcrux_ml_kem_types_MlKemPublicKey_30 lit; 1027 memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); 1028 return lit; 1029 } 1030 1031 typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { 1032 libcrux_ml_kem_types_MlKemPrivateKey_d9 sk; 1033 libcrux_ml_kem_types_MlKemPublicKey_30 pk; 1034 } libcrux_ml_kem_mlkem768_MlKem768KeyPair; 1035 1036 /** 1037 This function found in impl 1038 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>} 1039 */ 1040 /** 1041 A monomorphic instance of libcrux_ml_kem.types.from_17 1042 with const generics 1043 - PRIVATE_KEY_SIZE= 2400 1044 - PUBLIC_KEY_SIZE= 1184 1045 */ 1046 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair 1047 libcrux_ml_kem_types_from_17_74(libcrux_ml_kem_types_MlKemPrivateKey_d9 sk, 1048 libcrux_ml_kem_types_MlKemPublicKey_30 pk) { 1049 return (KRML_CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, 1050 .pk = pk}); 1051 } 1052 1053 /** 1054 This function found in impl {core::convert::From<@Array<u8, SIZE>> for 1055 libcrux_ml_kem::types::MlKemPrivateKey<SIZE>} 1056 */ 1057 /** 1058 A monomorphic instance of libcrux_ml_kem.types.from_77 1059 with 
const generics
- SIZE= 2400
*/
/* Wrap a 2400-byte array in a private-key struct; the bytes are copied once,
 * straight into the returned value. */
static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_types_from_77_28(uint8_t value[2400U]) {
  libcrux_ml_kem_types_MlKemPrivateKey_d9 key;
  /* Rust passes the array by value; in C that is a copy into the result. */
  memcpy(key.value, value, sizeof key.value);
  return key;
}

/**
 Tagged result carrying either 32 bytes or a TryFromSliceError.

 Monomorphic instance of core.result.Result
 with types uint8_t[32size_t], core_array_TryFromSliceError
*/
typedef struct Result_fb_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[32U];
    TryFromSliceError case_Err;
  } val;
} Result_fb;

/**
 Copy the 32-byte Ok payload of `self` into `ret`.

 Monomorphic instance of core.result.unwrap_26 (impl of
 core::result::Result<T, E>) with types uint8_t[32size_t],
 core_array_TryFromSliceError.

 Any tag other than Ok takes the KRML_HOST_EPRINTF / KRML_HOST_EXIT path and
 leaves `ret` unwritten.
*/
static inline void unwrap_26_b3(Result_fb self, uint8_t ret[32U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload cannot alias `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}

/** Byte container for an ML-KEM-768 ciphertext (1088 bytes). */
typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {
  uint8_t value[1088U];
} libcrux_ml_kem_mlkem768_MlKem768Ciphertext;

/**
A monomorphic instance of K.
with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],
uint8_t[32size_t]

*/
typedef struct tuple_c2_s {
  libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst;
  uint8_t snd[32U];
} tuple_c2;

/**
 Wrap a 1088-byte array in a ciphertext struct.

 Monomorphic instance of libcrux_ml_kem.types.from_e0 (impl of
 core::convert::From<@Array<u8, SIZE>> for
 libcrux_ml_kem::types::MlKemCiphertext<SIZE>)
 with const generics
 - SIZE= 1088
*/
static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
libcrux_ml_kem_types_from_e0_80(uint8_t value[1088U]) {
  libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct;
  /* Rust passes the array by value; in C that is a copy into the result. */
  memcpy(ct.value, value, sizeof ct.value);
  return ct;
}

/**
 Return a pointer to the first of the 1184 public-key bytes held in `self`.

 Monomorphic instance of libcrux_ml_kem.types.as_slice_e6 (impl of
 libcrux_ml_kem::types::MlKemPublicKey<SIZE>)
 with const generics
 - SIZE= 1184

 The pointer aliases `self`; no copy is made.
*/
static inline uint8_t *libcrux_ml_kem_types_as_slice_e6_d0(
    libcrux_ml_kem_types_MlKemPublicKey_30 *self) {
  return &self->value[0U];
}

/**
 Return a pointer to the first of the 1088 ciphertext bytes held in `self`.

 Monomorphic instance of libcrux_ml_kem.types.as_slice_a9 (impl of
 libcrux_ml_kem::types::MlKemCiphertext<SIZE>)
 with const generics
 - SIZE= 1088

 The pointer aliases `self`; no copy is made.
*/
static inline uint8_t *libcrux_ml_kem_types_as_slice_a9_80(
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
  return &self->value[0U];
}

/**
 Write consecutive domain-separator values into byte 32 of each of the three
 33-byte PRF inputs and return the next unused value.

 Monomorphic instance of libcrux_ml_kem.utils.prf_input_inc
 with const generics
 - K= 3

 The counter is a uint8_t, so it wraps modulo 256.
*/
static KRML_MUSTINLINE uint8_t libcrux_ml_kem_utils_prf_input_inc_e0(
    uint8_t (*prf_inputs)[33U], uint8_t domain_separator) {
  uint8_t next = domain_separator;
  for (size_t row = (size_t)0U; row < (size_t)3U; row++) {
    prf_inputs[row][32U] = next;
    next = (uint8_t)((uint32_t)next + 1U);
  }
  return next;
}

/**
 Copy `slice` into the front of a zero-filled 33-byte buffer and store the
 result in `ret` ("pad the slice with 0s at the end").

 Monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 33

 NOTE(review): nothing in this function compares the slice length with 33;
 whether the Eurydice subslice/copy macros bound the copy is not visible
 here, so callers are presumably expected to pass at most 33 bytes.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_c8(
    Eurydice_slice slice, uint8_t ret[33U]) {
  uint8_t padded[33U] = {0U};
  uint8_t *dst = padded;
  const size_t used = Eurydice_slice_len(slice, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(dst, (size_t)0U, used, uint8_t *), slice,
      uint8_t);
  memcpy(ret, padded, sizeof padded);
}

/**
 Copy `slice` into the front of a zero-filled 34-byte buffer and store the
 result in `ret` ("pad the slice with 0s at the end").

 Monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 34

 NOTE(review): no length check against 34 is visible in this function;
 confirm callers pass at most 34 bytes.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_b6(
    Eurydice_slice slice, uint8_t ret[34U]) {
  uint8_t padded[34U] = {0U};
  uint8_t *dst = padded;
  const size_t used = Eurydice_slice_len(slice, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(dst, (size_t)0U, used, uint8_t *), slice,
      uint8_t);
  memcpy(ret, padded, sizeof padded);
}

/**
 View the 1088 ciphertext bytes held in `self` as an Eurydice_slice.

 Monomorphic instance of libcrux_ml_kem.types.as_ref_d3 (impl of
 core::convert::AsRef<@Slice<u8>> for
 libcrux_ml_kem::types::MlKemCiphertext<SIZE>)
 with const generics
 - SIZE= 1088
*/
static inline Eurydice_slice libcrux_ml_kem_types_as_ref_d3_80(
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
  Eurydice_slice view =
      Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
  return view;
}

/**
 Pad the `slice` with `0`s at the end.
*/
/**
 Copy `slice` into the front of a zero-filled 1120-byte buffer and store the
 result in `ret`.

 Monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 1120

 NOTE(review): nothing in this function compares the slice length with 1120;
 whether the Eurydice subslice/copy macros bound the copy is not visible
 here, so callers are presumably expected to pass at most 1120 bytes.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_15(
    Eurydice_slice slice, uint8_t ret[1120U]) {
  uint8_t padded[1120U] = {0U};
  uint8_t *dst = padded;
  const size_t used = Eurydice_slice_len(slice, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(dst, (size_t)0U, used, uint8_t *), slice,
      uint8_t);
  memcpy(ret, padded, sizeof padded);
}

/**
 Copy `slice` into the front of a zero-filled 64-byte buffer and store the
 result in `ret` ("pad the slice with 0s at the end").

 Monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 64

 NOTE(review): no length check against 64 is visible in this function;
 confirm callers pass at most 64 bytes.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_24(
    Eurydice_slice slice, uint8_t ret[64U]) {
  uint8_t padded[64U] = {0U};
  uint8_t *dst = padded;
  const size_t used = Eurydice_slice_len(slice, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(dst, (size_t)0U, used, uint8_t *), slice,
      uint8_t);
  memcpy(ret, padded, sizeof padded);
}

/** Four byte slices returned together. */
typedef struct Eurydice_slice_uint8_t_x4_s {
  Eurydice_slice fst;
  Eurydice_slice snd;
  Eurydice_slice thd;
  Eurydice_slice f3;
} Eurydice_slice_uint8_t_x4;

/** Two byte slices returned together (the result shape of a split). */
typedef struct Eurydice_slice_uint8_t_x2_s {
  Eurydice_slice fst;
  Eurydice_slice snd;
} Eurydice_slice_uint8_t_x2;

/**
 Unpack an incoming private key into its different parts.

 We have this here in types to extract into a common core for C.
*/
/**
 Split `private_key` into four consecutive views: the first 1152 bytes
 (IND-CPA secret key), the next 1184 bytes (IND-CPA public key), the next
 LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE bytes (public-key hash) and the
 remainder (implicit rejection value).

 Monomorphic instance of libcrux_ml_kem.types.unpack_private_key
 with const generics
 - CPA_SECRET_KEY_SIZE= 1152
 - PUBLIC_KEY_SIZE= 1184

 The returned slices come from Eurydice_slice_split_at on the input;
 presumably they alias the caller's buffer rather than copy it.
 NOTE(review): no length check on `private_key` is visible here; whether
 Eurydice_slice_split_at validates the split point is not shown in this
 section, so the caller presumably supplies a full-length key.
*/
static inline Eurydice_slice_uint8_t_x4
libcrux_ml_kem_types_unpack_private_key_b4(Eurydice_slice private_key) {
  Eurydice_slice_uint8_t_x2 cut_sk = Eurydice_slice_split_at(
      private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
  Eurydice_slice after_sk = cut_sk.snd;

  Eurydice_slice_uint8_t_x2 cut_pk = Eurydice_slice_split_at(
      after_sk, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
  Eurydice_slice after_pk = cut_pk.snd;

  Eurydice_slice_uint8_t_x2 cut_hash = Eurydice_slice_split_at(
      after_pk, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);

  Eurydice_slice_uint8_t_x4 parts;
  parts.fst = cut_sk.fst;   /* ind_cpa_secret_key */
  parts.snd = cut_pk.fst;   /* ind_cpa_public_key */
  parts.thd = cut_hash.fst; /* ind_cpa_public_key_hash */
  parts.f3 = cut_hash.snd;  /* implicit_rejection_value */
  return parts;
}

/**
 Copy 24 bytes from `self` to `ret`.

 Monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
 (impl of libcrux_secrets::traits::Declassify<T> for T)
 with types uint8_t[24size_t]

 In this C extraction the function is a plain copy; the "declassify" marking
 from the Rust trait has no runtime effect visible here.
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_d2(uint8_t self[24U],
                                                     uint8_t ret[24U]) {
  memcpy(ret, self, sizeof(uint8_t[24U]));
}

/**
 Copy 20 bytes from `self` to `ret`.

 Monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
 (impl of libcrux_secrets::traits::Declassify<T> for T)
 with types uint8_t[20size_t]
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_57(uint8_t self[20U],
                                                     uint8_t ret[20U]) {
  memcpy(ret, self, sizeof(uint8_t[20U]));
}

/**
 Copy 8 bytes from `self` to `ret`.

 Monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
 (impl of libcrux_secrets::traits::Declassify<T> for T)
 with types uint8_t[8size_t]
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_76(uint8_t self[8U],
                                                     uint8_t ret[8U]) {
  memcpy(ret, self, sizeof(uint8_t[8U]));
}

/**
 Copy 2 bytes from `self` to `ret`.

 Monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8
 (impl of libcrux_secrets::traits::Declassify<T> for T)
 with types uint8_t[2size_t]
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_d4(uint8_t self[2U],
                                                     uint8_t ret[2U]) {
  memcpy(ret, self, sizeof(uint8_t[2U]));
}

/**
 Copy sixteen int16_t values from `self` to `ret`.

 Monomorphic instance of libcrux_secrets.int.public_integers.classify_27
 (impl of libcrux_secrets::traits::Classify<T> for T)
 with types int16_t[16size_t]
*/
static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_classify_27_46(
    int16_t self[16U], int16_t ret[16U]) {
  memcpy(ret, self, sizeof(int16_t[16U]));
}

/**
 Return `self` unchanged.

 Monomorphic instance of libcrux_secrets.int.classify_public.classify_ref_9b
 (impl of libcrux_secrets::traits::ClassifyRef<&'a (@Slice<T>)> for
 &'a (@Slice<T>))
 with types uint8_t
*/
static KRML_MUSTINLINE Eurydice_slice
libcrux_secrets_int_classify_public_classify_ref_9b_90(Eurydice_slice self) {
  Eurydice_slice same = self;
  return same;
}

/**
This function found in impl {libcrux_secrets::traits::ClassifyRef<&'a
(@Slice<T>)> for &'a (@Slice<T>)}
*/
/**
 Return `self` unchanged.

 Monomorphic instance of libcrux_secrets.int.classify_public.classify_ref_9b
 with types int16_t
*/
static KRML_MUSTINLINE Eurydice_slice
libcrux_secrets_int_classify_public_classify_ref_9b_39(Eurydice_slice self) {
  Eurydice_slice same = self;
  return same;
}

/**
 Tagged result carrying either sixteen int16_t values or a TryFromSliceError.

 Monomorphic instance of core.result.Result
 with types int16_t[16size_t], core_array_TryFromSliceError
*/
typedef struct Result_0a_s {
  Result_b2_tags tag;
  union {
    int16_t case_Ok[16U];
    TryFromSliceError case_Err;
  } val;
} Result_0a;

/**
 Copy the sixteen-element Ok payload of `self` into `ret`.

 Monomorphic instance of core.result.unwrap_26 (impl of
 core::result::Result<T, E>) with types int16_t[16size_t],
 core_array_TryFromSliceError.

 Any tag other than Ok takes the KRML_HOST_EPRINTF / KRML_HOST_EXIT path and
 leaves `ret` unwritten.
*/
static inline void unwrap_26_00(Result_0a self, int16_t ret[16U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload cannot alias `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}

/**
 Tagged result carrying either 8 bytes or a TryFromSliceError.

 Monomorphic instance of core.result.Result
 with types uint8_t[8size_t], core_array_TryFromSliceError
*/
typedef struct Result_15_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[8U];
    TryFromSliceError case_Err;
  } val;
} Result_15;

/**
 Copy the 8-byte Ok payload of `self` into `ret`.

 Monomorphic instance of core.result.unwrap_26 (impl of
 core::result::Result<T, E>) with types uint8_t[8size_t],
 core_array_TryFromSliceError.

 Any tag other than Ok takes the KRML_HOST_EPRINTF / KRML_HOST_EXIT path and
 leaves `ret` unwritten.
*/
static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload cannot alias `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}

#if defined(__cplusplus)
}
#endif

#define libcrux_mlkem_core_H_DEFINED
#endif /* libcrux_mlkem_core_H */

/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_ct_ops.h */
/*
 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info (at) cryspen.com>
 *
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
 */

#ifndef libcrux_ct_ops_H
#define libcrux_ct_ops_H


#if defined(__cplusplus)
extern "C" {
#endif


/**
 Return 1 if `value` is not zero and 0 otherwise.

 The byte is widened to 16 bits and negated with ~x + 1; bit 8 of that
 result is returned. No branch is taken on `value`.
*/
static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_inz(uint8_t value) {
  const uint16_t widened = (uint16_t)value;
  const uint8_t high_byte =
      (uint8_t)((uint32_t)core_num__u16__wrapping_add(~widened, 1U) >> 8U);
  return (uint32_t)high_byte & 1U;
}

/**
 Return 1 if `value` is not zero and 0 otherwise; forwards to
 libcrux_ml_kem_constant_time_ops_inz.
*/
static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) {
  const uint8_t flag = libcrux_ml_kem_constant_time_ops_inz(value);
  return flag;
}

/**
 Return 1 if the bytes of `lhs` and `rhs` do not exactly
 match and 0 otherwise.
*/
/*
 * Every byte pair is XORed and OR-ed into one accumulator, so the loop runs
 * over the whole of `lhs` with no early exit on a mismatch.
 * NOTE(review): the bound is the length of `lhs` only; nothing here checks
 * that `rhs` is at least as long - confirm callers pass equal-length slices.
 */
static KRML_NOINLINE uint8_t libcrux_ml_kem_constant_time_ops_compare(
    Eurydice_slice lhs, Eurydice_slice rhs) {
  uint8_t diff = 0U;
  const size_t len = Eurydice_slice_len(lhs, uint8_t);
  for (size_t idx = (size_t)0U; idx < len; idx++) {
    diff = (uint8_t)((uint32_t)diff |
                     ((uint32_t)Eurydice_slice_index(lhs, idx, uint8_t,
                                                     uint8_t *) ^
                      (uint32_t)Eurydice_slice_index(rhs, idx, uint8_t,
                                                     uint8_t *)));
  }
  return libcrux_ml_kem_constant_time_ops_is_non_zero(diff);
}

/**
 Return 1 if the two ciphertext slices differ and 0 otherwise; forwards to
 libcrux_ml_kem_constant_time_ops_compare.
*/
static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
    Eurydice_slice lhs, Eurydice_slice rhs) {
  const uint8_t differs = libcrux_ml_kem_constant_time_ops_compare(lhs, rhs);
  return differs;
}

/**
 If `selector` is not zero, return the bytes in `rhs`; return the bytes in
 `lhs` otherwise.

 The choice is made with a byte mask applied to both inputs, not with a
 branch on `selector`. The result is assembled in a local buffer and copied
 to `ret` at the end.
 NOTE(review): the loop bound is LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE
 while the buffers are 32 bytes; the constant is defined outside this section
 and is presumably 32.
*/
static KRML_NOINLINE void libcrux_ml_kem_constant_time_ops_select_ct(
    Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
    uint8_t ret[32U]) {
  /* is_non_zero() yields 0 or 1; minus one that is the all-ones byte (keep
   * lhs) or zero (keep rhs), assuming wrapping_sub is 8-bit modular. */
  const uint8_t mask = core_num__u8__wrapping_sub(
      libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U);
  uint8_t picked[32U] = {0U};
  for (size_t idx = (size_t)0U;
       idx < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; idx++) {
    const uint32_t from_lhs =
        (uint32_t)Eurydice_slice_index(lhs, idx, uint8_t, uint8_t *) &
        (uint32_t)mask;
    const uint32_t from_rhs =
        (uint32_t)Eurydice_slice_index(rhs, idx, uint8_t, uint8_t *) &
        (uint32_t)~mask;
    picked[idx] = (uint8_t)(from_lhs | from_rhs);
  }
  memcpy(ret, picked, sizeof picked);
}

/**
 Write `rhs` to `ret` when `selector` is not zero and `lhs` otherwise;
 forwards to libcrux_ml_kem_constant_time_ops_select_ct.
*/
static KRML_NOINLINE void
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
    Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
    uint8_t ret[32U]) {
  libcrux_ml_kem_constant_time_ops_select_ct(lhs, rhs, selector, ret);
}

/**
 Compare `lhs_c` with `rhs_c`, then write `rhs_s` to `ret` if they differ
 and `lhs_s` if they match.

 The comparison result feeds the masked select directly, so no branch is
 taken on it in this function.
*/
static KRML_NOINLINE void
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
    Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s,
    Eurydice_slice rhs_s, uint8_t ret[32U]) {
  const uint8_t differs =
      libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
          lhs_c, rhs_c);
  /* The select builds its result in its own buffer before writing `ret`,
   * so `ret` can be handed over directly. */
  libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
      lhs_s, rhs_s, differs, ret);
}

#if defined(__cplusplus)
}
#endif

#define libcrux_ct_ops_H_DEFINED
#endif /* libcrux_ct_ops_H */

/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_sha3_portable.h */
/*
 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info (at) cryspen.com>
 *
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
 */

#ifndef libcrux_sha3_portable_H
#define libcrux_sha3_portable_H


#if defined(__cplusplus)
extern "C" {
#endif


/**
 Return the zero lane (impl of libcrux_sha3::traits::KeccakItem<1usize> for
 u64).
*/
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_zero_d2(void) {
  const uint64_t zero = 0ULL;
  return zero;
}

/** XOR of five 64-bit lanes. */
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__veor5q_u64(
    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
  uint64_t acc = a ^ b;
  acc ^= c;
  acc ^= d;
  acc ^= e;
  return acc;
}

/**
 XOR of five lanes (impl of libcrux_sha3::traits::KeccakItem<1usize> for
 u64); forwards to _veor5q_u64.
*/
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor5_d2(
    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
  const uint64_t folded =
      libcrux_sha3_simd_portable__veor5q_u64(a, b, c, d, e);
  return folded;
}

/**
 Rotate `x` left by 1 bit.

 Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
 with const generics
 - LEFT= 1
 - RIGHT= 63
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_76(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)1;
  return core_num__u64__rotate_left(x, left);
}

/** Return `a` XOR (`b` rotated left by 1). */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vrax1q_u64(uint64_t a, uint64_t b) {
  const uint64_t rotated = libcrux_sha3_simd_portable_rotate_left_76(b);
  return a ^ rotated;
}

/**
 Return `a` XOR (`b` rotated left by 1) (impl of
 libcrux_sha3::traits::KeccakItem<1usize> for u64).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left1_and_xor_d2(uint64_t a, uint64_t b) {
  const uint64_t mixed = libcrux_sha3_simd_portable__vrax1q_u64(a, b);
  return mixed;
}

/** Return `a` XOR (`b` AND NOT `c`). */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) {
  const uint64_t cleared = b & ~c;
  return a ^ cleared;
}

/**
 Return `a` XOR (`b` AND NOT `c`) (impl of
 libcrux_sha3::traits::KeccakItem<1usize> for u64).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_and_not_xor_d2(uint64_t a, uint64_t b, uint64_t c) {
  const uint64_t mixed = libcrux_sha3_simd_portable__vbcaxq_u64(a, b, c);
  return mixed;
}

/** Return `a` XOR the constant `c`. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__veorq_n_u64(uint64_t a, uint64_t c) {
  const uint64_t mixed = a ^ c;
  return mixed;
}

/**
 Return `a` XOR the constant `c` (impl of
 libcrux_sha3::traits::KeccakItem<1usize> for u64).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_constant_d2(uint64_t a, uint64_t c) {
  const uint64_t mixed = libcrux_sha3_simd_portable__veorq_n_u64(a, c);
  return mixed;
}

/**
 Return `a` XOR `b` (impl of libcrux_sha3::traits::KeccakItem<1usize> for
 u64).
*/
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_d2(uint64_t a,
                                                                  uint64_t b) {
  const uint64_t mixed = a ^ b;
  return mixed;
}
/**
 The 24 Keccak round constants, one per round. Values are kept in the
 decimal form the extraction emits; the hexadecimal equivalent is given
 beside each entry.
*/
static const uint64_t
    libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[24U] = {
        1ULL,                   /* 0x0000000000000001 */
        32898ULL,               /* 0x0000000000008082 */
        9223372036854808714ULL, /* 0x800000000000808A */
        9223372039002292224ULL, /* 0x8000000080008000 */
        32907ULL,               /* 0x000000000000808B */
        2147483649ULL,          /* 0x0000000080000001 */
        9223372039002292353ULL, /* 0x8000000080008081 */
        9223372036854808585ULL, /* 0x8000000000008009 */
        138ULL,                 /* 0x000000000000008A */
        136ULL,                 /* 0x0000000000000088 */
        2147516425ULL,          /* 0x0000000080008009 */
        2147483658ULL,          /* 0x000000008000000A */
        2147516555ULL,          /* 0x000000008000808B */
        9223372036854775947ULL, /* 0x800000000000008B */
        9223372036854808713ULL, /* 0x8000000000008089 */
        9223372036854808579ULL, /* 0x8000000000008003 */
        9223372036854808578ULL, /* 0x8000000000008002 */
        9223372036854775936ULL, /* 0x8000000000000080 */
        32778ULL,               /* 0x000000000000800A */
        9223372039002259466ULL, /* 0x800000008000000A */
        9223372039002292353ULL, /* 0x8000000080008081 */
        9223372036854808704ULL, /* 0x8000000000008080 */
        2147483649ULL,          /* 0x0000000080000001 */
        9223372039002292232ULL  /* 0x8000000080008008 */
};

/** A pair of size_t values, used below as an (i, j) lane index. */
typedef struct size_t_x2_s {
  size_t fst;
  size_t snd;
} size_t_x2;

/**
 Keccak state: 25 lanes of 64 bits.

 Monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
 with types uint64_t
 with const generics
 - $1size_t
*/
typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s {
  uint64_t st[25U];
} libcrux_sha3_generic_keccak_KeccakState_17;

/**
 Return a state whose 25 lanes are all set to the zero lane.

 Monomorphic instance of libcrux_sha3.generic_keccak.new_80 (impl of
 libcrux_sha3::generic_keccak::KeccakState<T, N>)
 with types uint64_t
 with const generics
 - N= 1
*/
static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_generic_keccak_new_80_04(void) {
  libcrux_sha3_generic_keccak_KeccakState_17 fresh;
  for (size_t lane = (size_t)0U; lane < (size_t)25U; lane++) {
    fresh.st[lane] = libcrux_sha3_simd_portable_zero_d2();
  }
  return fresh;
}

/**
 Return a pointer to lane (i, j) of `arr`, stored at flat index 5 * j + i.

 Monomorphic instance of libcrux_sha3.traits.get_ij
 with types uint64_t
 with const generics
 - N= 1

 No range check is made on `i` or `j`.
*/
static KRML_MUSTINLINE uint64_t *libcrux_sha3_traits_get_ij_04(uint64_t *arr,
                                                               size_t i,
                                                               size_t j) {
  const size_t flat = (size_t)5U * j + i;
  return arr + flat;
}

/**
 Store `value` in lane (i, j) of `arr`, at flat index 5 * j + i.

 Monomorphic instance of libcrux_sha3.traits.set_ij
 with types uint64_t
 with const generics
 - N= 1

 No range check is made on `i` or `j`.
*/
static KRML_MUSTINLINE void libcrux_sha3_traits_set_ij_04(uint64_t *arr,
                                                          size_t i, size_t j,
                                                          uint64_t value) {
  const size_t flat = (size_t)5U * j + i;
  arr[flat] = value;
}

/**
 XOR one 72-byte block of `blocks`, starting at byte `start`, into `state`.

 Monomorphic instance of libcrux_sha3.simd.portable.load_block
 with const generics
 - RATE= 72

 The block is read as nine little-endian 64-bit words; word k is XORed into
 lane (k / 5, k % 5). All words are decoded before any lane is changed.
 NOTE(review): no check that `blocks` holds start + 72 bytes is visible
 here; a conversion failure would surface through unwrap_26_68, but whether
 the Eurydice subslice macro detects a short slice is not shown in this
 section.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_f8(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  const size_t lanes = (size_t)72U / (size_t)8U;
  uint64_t words[25U] = {0U};
  for (size_t k = (size_t)0U; k < lanes; k++) {
    const size_t offset = start + (size_t)8U * k;
    uint8_t le_bytes[8U];
    Result_15 chunk;
    Eurydice_slice_to_array2(
        &chunk,
        Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U,
                                 uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(chunk, le_bytes);
    words[k] = core_num__u64__from_le_bytes(le_bytes);
  }
  for (size_t k = (size_t)0U; k < lanes; k++) {
    const size_t i = k / (size_t)5U;
    const size_t j = k % (size_t)5U;
    const uint64_t current = *libcrux_sha3_traits_get_ij_04(state, i, j);
    libcrux_sha3_traits_set_ij_04(state, i, j, current ^ words[k]);
  }
}

/**
 XOR one 72-byte block of `input[0]` into the state held by `self`.

 Monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 (impl of
 libcrux_sha3::traits::Absorb<1usize> for
 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>)
 with const generics
 - RATE= 72
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_f8(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  uint64_t *lanes = self->st;
  libcrux_sha3_simd_portable_load_block_f8(lanes, input[0U], start);
}

/**
 Return a pointer to lane (index.fst, index.snd) of the state.

 Monomorphic instance of libcrux_sha3.generic_keccak.index_c2 (impl of
 core::ops::index::Index<(usize, usize), T> for
 libcrux_sha3::generic_keccak::KeccakState<T, N>)
 with types uint64_t
 with const generics
 - N= 1
*/
static inline uint64_t *libcrux_sha3_generic_keccak_index_c2_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t_x2 index) {
  uint64_t *lanes = self->st;
  return libcrux_sha3_traits_get_ij_04(lanes, index.fst, index.snd);
}

/**
 Compute the five theta values of the state into `ret`.

 Monomorphic instance of libcrux_sha3.generic_keccak.theta_80 (impl of
 libcrux_sha3::generic_keccak::KeccakState<T, N>)
 with types uint64_t
 with const generics
 - N= 1

 c[j] is the XOR of lanes (0..4, j); ret[k] is
 c[(k + 4) % 5] XOR (c[(k + 1) % 5] rotated left by 1). The state itself is
 only read.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t ret[5U]) {
  uint64_t c[5U];
  for (size_t j = (size_t)0U; j < (size_t)5U; j++) {
    uint64_t lane[5U];
    for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
      size_t_x2 at = {.fst = i, .snd = j};
      lane[i] = *libcrux_sha3_generic_keccak_index_c2_04(self, at);
    }
    c[j] = libcrux_sha3_simd_portable_xor5_d2(lane[0U], lane[1U], lane[2U],
                                              lane[3U], lane[4U]);
  }
  /* All five parities are complete before anything is written to `ret`. */
  for (size_t k = (size_t)0U; k < (size_t)5U; k++) {
    ret[k] = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2(
        c[(k + (size_t)4U) % (size_t)5U], c[(k + (size_t)1U) % (size_t)5U]);
  }
}

/**
 Store `v` in lane (i, j) of the state.

 Monomorphic instance of libcrux_sha3.generic_keccak.set_80 (impl of
 libcrux_sha3::generic_keccak::KeccakState<T, N>)
 with types uint64_t
 with const generics
 - N= 1
*/
static inline void libcrux_sha3_generic_keccak_set_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i, size_t j,
    uint64_t v) {
  uint64_t *lanes = self->st;
  libcrux_sha3_traits_set_ij_04(lanes, i, j, v);
}

/**
 Rotate `x` left by 36 bits.

 Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
 with const generics
 - LEFT= 36
 - RIGHT= 28
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_02(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)36;
  return core_num__u64__rotate_left(x, left);
}

/**
 Return (`a` XOR `b`) rotated left by 36 bits.

 Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
 with const generics
 - LEFT= 36
 - RIGHT= 28
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_02(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_02(mixed);
}

/**
 Return (`a` XOR `b`) rotated left by 36 bits.

 Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 (impl
 of libcrux_sha3::traits::KeccakItem<1usize> for u64)
 with const generics
 - LEFT= 36
 - RIGHT= 28
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_02(uint64_t a, uint64_t b) {
  const uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_02(a, b);
  return rotated;
}

/**
 Rotate `x` left by 3 bits.

 Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
 with const generics
 - LEFT= 3
 - RIGHT= 61
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_ac(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)3;
  return core_num__u64__rotate_left(x, left);
}

/**
 Return (`a` XOR `b`) rotated left by 3 bits.

 Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
 with const generics
 - LEFT= 3
 - RIGHT= 61
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_ac(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_ac(mixed);
}

/**
This function found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64} 2042 */ 2043 /** 2044 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 2045 with const generics 2046 - LEFT= 3 2047 - RIGHT= 61 2048 */ 2049 static KRML_MUSTINLINE uint64_t 2050 libcrux_sha3_simd_portable_xor_and_rotate_d2_ac(uint64_t a, uint64_t b) { 2051 return libcrux_sha3_simd_portable__vxarq_u64_ac(a, b); 2052 } 2053 2054 /** 2055 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left 2056 with const generics 2057 - LEFT= 41 2058 - RIGHT= 23 2059 */ 2060 static KRML_MUSTINLINE uint64_t 2061 libcrux_sha3_simd_portable_rotate_left_020(uint64_t x) { 2062 return core_num__u64__rotate_left(x, (uint32_t)(int32_t)41); 2063 } 2064 2065 /** 2066 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 2067 with const generics 2068 - LEFT= 41 2069 - RIGHT= 23 2070 */ 2071 static KRML_MUSTINLINE uint64_t 2072 libcrux_sha3_simd_portable__vxarq_u64_020(uint64_t a, uint64_t b) { 2073 return libcrux_sha3_simd_portable_rotate_left_020(a ^ b); 2074 } 2075 2076 /** 2077 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} 2078 */ 2079 /** 2080 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 2081 with const generics 2082 - LEFT= 41 2083 - RIGHT= 23 2084 */ 2085 static KRML_MUSTINLINE uint64_t 2086 libcrux_sha3_simd_portable_xor_and_rotate_d2_020(uint64_t a, uint64_t b) { 2087 return libcrux_sha3_simd_portable__vxarq_u64_020(a, b); 2088 } 2089 2090 /** 2091 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left 2092 with const generics 2093 - LEFT= 18 2094 - RIGHT= 46 2095 */ 2096 static KRML_MUSTINLINE uint64_t 2097 libcrux_sha3_simd_portable_rotate_left_a9(uint64_t x) { 2098 return core_num__u64__rotate_left(x, (uint32_t)(int32_t)18); 2099 } 2100 2101 /** 2102 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 2103 with const generics 2104 - LEFT= 18 2105 - RIGHT= 46 2106 */ 2107 static KRML_MUSTINLINE uint64_t 2108 
libcrux_sha3_simd_portable__vxarq_u64_a9(uint64_t a, uint64_t b) { 2109 return libcrux_sha3_simd_portable_rotate_left_a9(a ^ b); 2110 } 2111 2112 /** 2113 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} 2114 */ 2115 /** 2116 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 2117 with const generics 2118 - LEFT= 18 2119 - RIGHT= 46 2120 */ 2121 static KRML_MUSTINLINE uint64_t 2122 libcrux_sha3_simd_portable_xor_and_rotate_d2_a9(uint64_t a, uint64_t b) { 2123 return libcrux_sha3_simd_portable__vxarq_u64_a9(a, b); 2124 } 2125 2126 /** 2127 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 2128 with const generics 2129 - LEFT= 1 2130 - RIGHT= 63 2131 */ 2132 static KRML_MUSTINLINE uint64_t 2133 libcrux_sha3_simd_portable__vxarq_u64_76(uint64_t a, uint64_t b) { 2134 return libcrux_sha3_simd_portable_rotate_left_76(a ^ b); 2135 } 2136 2137 /** 2138 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} 2139 */ 2140 /** 2141 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 2142 with const generics 2143 - LEFT= 1 2144 - RIGHT= 63 2145 */ 2146 static KRML_MUSTINLINE uint64_t 2147 libcrux_sha3_simd_portable_xor_and_rotate_d2_76(uint64_t a, uint64_t b) { 2148 return libcrux_sha3_simd_portable__vxarq_u64_76(a, b); 2149 } 2150 2151 /** 2152 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left 2153 with const generics 2154 - LEFT= 44 2155 - RIGHT= 20 2156 */ 2157 static KRML_MUSTINLINE uint64_t 2158 libcrux_sha3_simd_portable_rotate_left_58(uint64_t x) { 2159 return core_num__u64__rotate_left(x, (uint32_t)(int32_t)44); 2160 } 2161 2162 /** 2163 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 2164 with const generics 2165 - LEFT= 44 2166 - RIGHT= 20 2167 */ 2168 static KRML_MUSTINLINE uint64_t 2169 libcrux_sha3_simd_portable__vxarq_u64_58(uint64_t a, uint64_t b) { 2170 return libcrux_sha3_simd_portable_rotate_left_58(a ^ b); 2171 } 2172 2173 
/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 44, RIGHT= 20), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_58.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_58(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_58(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 10, RIGHT= 54).

Calls core_num__u64__rotate_left on x with the literal count 10.

NOTE(review): the count is a compile-time literal, so it cannot vary with x.
Whether the rotation is well defined for every count (for example, that it
never shifts by 64) is decided inside core_num__u64__rotate_left -- confirm
there.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_e0(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)10;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 10, RIGHT= 54).

XORs a with b and passes the result through rotate_left_e0.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_e0(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_e0(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 10, RIGHT= 54), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_e0.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_e0(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_e0(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 45, RIGHT= 19).

Calls core_num__u64__rotate_left on x with the literal count 45.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_63(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)45;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 45, RIGHT= 19).

XORs a with b and passes the result through rotate_left_63.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_63(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_63(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 45, RIGHT= 19), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_63.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_63(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_63(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 2, RIGHT= 62).

Calls core_num__u64__rotate_left on x with the literal count 2.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_6a(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)2;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 2, RIGHT= 62).

XORs a with b and passes the result through rotate_left_6a.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_6a(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_6a(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 2, RIGHT= 62), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_6a.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_6a(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_6a(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 62, RIGHT= 2).

Calls core_num__u64__rotate_left on x with the literal count 62.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_ab(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)62;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 62, RIGHT= 2).

XORs a with b and passes the result through rotate_left_ab.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_ab(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_ab(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 62, RIGHT= 2), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_ab.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_ab(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_ab(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 6, RIGHT= 58).

Calls core_num__u64__rotate_left on x with the literal count 6.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_5b(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)6;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 6, RIGHT= 58).

XORs a with b and passes the result through rotate_left_5b.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_5b(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_5b(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 6, RIGHT= 58), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_5b.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_5b(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_5b(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 43, RIGHT= 21).

Calls core_num__u64__rotate_left on x with the literal count 43.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_6f(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)43;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 43, RIGHT= 21).

XORs a with b and passes the result through rotate_left_6f.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_6f(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_6f(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 43, RIGHT= 21), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_6f.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_6f(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_6f(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 15, RIGHT= 49).

Calls core_num__u64__rotate_left on x with the literal count 15.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_62(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)15;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 15, RIGHT= 49).

XORs a with b and passes the result through rotate_left_62.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_62(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_62(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 15, RIGHT= 49), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_62.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_62(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_62(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 61, RIGHT= 3).

Calls core_num__u64__rotate_left on x with the literal count 61.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_23(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)61;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 61, RIGHT= 3).

XORs a with b and passes the result through rotate_left_23.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_23(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_23(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 61, RIGHT= 3), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_23.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_23(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_23(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 28, RIGHT= 36).

Calls core_num__u64__rotate_left on x with the literal count 28.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_37(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)28;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 28, RIGHT= 36).

XORs a with b and passes the result through rotate_left_37.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_37(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_37(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 28, RIGHT= 36), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_37.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_37(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_37(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 55, RIGHT= 9).

Calls core_num__u64__rotate_left on x with the literal count 55.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_bb(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)55;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 55, RIGHT= 9).

XORs a with b and passes the result through rotate_left_bb.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_bb(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_bb(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 55, RIGHT= 9), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_bb.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_bb(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_bb(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 25, RIGHT= 39).

Calls core_num__u64__rotate_left on x with the literal count 25.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_b9(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)25;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 25, RIGHT= 39).

XORs a with b and passes the result through rotate_left_b9.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_b9(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_b9(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 25, RIGHT= 39), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_b9.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_b9(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_b9(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 21, RIGHT= 43).

Calls core_num__u64__rotate_left on x with the literal count 21.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_54(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)21;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 21, RIGHT= 43).

XORs a with b and passes the result through rotate_left_54.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_54(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_54(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 21, RIGHT= 43), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_54.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_54(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_54(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 56, RIGHT= 8).

Calls core_num__u64__rotate_left on x with the literal count 56.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_4c(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)56;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 56, RIGHT= 8).

XORs a with b and passes the result through rotate_left_4c.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_4c(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_4c(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 56, RIGHT= 8), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_4c.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_4c(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_4c(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 27, RIGHT= 37).

Calls core_num__u64__rotate_left on x with the literal count 27.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_ce(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)27;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 27, RIGHT= 37).

XORs a with b and passes the result through rotate_left_ce.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_ce(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_ce(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 27, RIGHT= 37), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_ce.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_ce(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_ce(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 20, RIGHT= 44).

Calls core_num__u64__rotate_left on x with the literal count 20.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_77(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)20;
  return core_num__u64__rotate_left(x, left);
}
/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 20, RIGHT= 44).

XORs a with b and passes the result through rotate_left_77.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_77(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_77(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 20, RIGHT= 44), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_77.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_77(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_77(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 39, RIGHT= 25).

Calls core_num__u64__rotate_left on x with the literal count 39.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_25(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)39;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 39, RIGHT= 25).

XORs a with b and passes the result through rotate_left_25.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_25(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_25(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 39, RIGHT= 25), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_25.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_25(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_25(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 8, RIGHT= 56).

Calls core_num__u64__rotate_left on x with the literal count 8.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_af(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)8;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 8, RIGHT= 56).

XORs a with b and passes the result through rotate_left_af.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_af(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_af(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 8, RIGHT= 56), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_af.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_af(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_af(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.rotate_left
(const generics LEFT= 14, RIGHT= 50).

Calls core_num__u64__rotate_left on x with the literal count 14.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_fd(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)14;
  return core_num__u64__rotate_left(x, left);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
(const generics LEFT= 14, RIGHT= 50).

XORs a with b and passes the result through rotate_left_fd.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_fd(uint64_t a, uint64_t b) {
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_fd(mixed);
}

/**
Monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
(const generics LEFT= 14, RIGHT= 50), found in impl
{libcrux_sha3::traits::KeccakItem<1usize> for u64}.

Forwards a and b unchanged to _vxarq_u64_fd.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_fd(uint64_t a, uint64_t b) {
  const uint64_t out = libcrux_sha3_simd_portable__vxarq_u64_fd(a, b);
  return out;
}

/**
Monomorphic instance of libcrux_sha3.generic_keccak.rho_80 (types uint64_t,
const generics N= 1), found in impl
{libcrux_sha3::generic_keccak::KeccakState<T, N>[TraitClause@0,
TraitClause@1]}.

Updates all 25 positions (i, j) of *self in place. Each step reads element
[0] of position (i, j) through index_c2_04, combines it with t[j], and stores
the result back to the same (i, j) through set_80_04. Position (0, 0) goes
through xor_d2; every other position goes through the xor_and_rotate_d2
helper whose LEFT value is listed below. t is only read.

LEFT per position (rows are i, columns are j; "-" marks the xor_d2 step):

        j=0  j=1  j=2  j=3  j=4
  i=0     -    1   62   28   27
  i=1    36   44    6   55   20
  i=2     3   10   43   25   39
  i=3    41   45   15   21    8
  i=4    18    2   61   56   14

This table is the thing to compare against the rho offsets of FIPS 202 when
the vendored extraction is refreshed. NOTE(review): which of i and j plays
the role of the specification's x and y coordinates is not stated in this
function -- confirm before comparing. Every count in the table lies between
1 and 62 and each is a literal, so none depends on the state or on t.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_rho_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t t[5U]) {
  uint64_t lane;

  /* j = 0: combined with t[0] */
  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_d2(lane, t[0U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_02(lane, t[0U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_ac(lane, t[0U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_020(lane, t[0U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_a9(lane, t[0U]));

  /* j = 1: combined with t[1] */
  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_76(lane, t[1U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_58(lane, t[1U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_e0(lane, t[1U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_63(lane, t[1U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_6a(lane, t[1U]));

  /* j = 2: combined with t[2] */
  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_ab(lane, t[2U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_5b(lane, t[2U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_6f(lane, t[2U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_62(lane, t[2U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_23(lane, t[2U]));

  /* j = 3: combined with t[3] */
  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_37(lane, t[3U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_bb(lane, t[3U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_b9(lane, t[3U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_54(lane, t[3U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_4c(lane, t[3U]));

  /* j = 4: combined with t[4] */
  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_ce(lane, t[4U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_77(lane, t[4U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_25(lane, t[4U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_af(lane, t[4U]));

  lane = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}))[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_fd(lane, t[4U]));
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.pi_80
with types uint64_t
with const generics
- N= 1
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
  libcrux_sha3_generic_keccak_KeccakState_17 old = self[0U];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)0U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                          .snd = (size_t)3U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)0U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old,
(KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, 3070 .snd = (size_t)1U}))[0U]); 3071 libcrux_sha3_generic_keccak_set_80_04( 3072 self, (size_t)3U, (size_t)0U, 3073 libcrux_sha3_generic_keccak_index_c2_04( 3074 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, 3075 .snd = (size_t)4U}))[0U]); 3076 libcrux_sha3_generic_keccak_set_80_04( 3077 self, (size_t)4U, (size_t)0U, 3078 libcrux_sha3_generic_keccak_index_c2_04( 3079 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, 3080 .snd = (size_t)2U}))[0U]); 3081 libcrux_sha3_generic_keccak_set_80_04( 3082 self, (size_t)0U, (size_t)1U, 3083 libcrux_sha3_generic_keccak_index_c2_04( 3084 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, 3085 .snd = (size_t)1U}))[0U]); 3086 libcrux_sha3_generic_keccak_set_80_04( 3087 self, (size_t)1U, (size_t)1U, 3088 libcrux_sha3_generic_keccak_index_c2_04( 3089 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, 3090 .snd = (size_t)4U}))[0U]); 3091 libcrux_sha3_generic_keccak_set_80_04( 3092 self, (size_t)2U, (size_t)1U, 3093 libcrux_sha3_generic_keccak_index_c2_04( 3094 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, 3095 .snd = (size_t)2U}))[0U]); 3096 libcrux_sha3_generic_keccak_set_80_04( 3097 self, (size_t)3U, (size_t)1U, 3098 libcrux_sha3_generic_keccak_index_c2_04( 3099 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, 3100 .snd = (size_t)0U}))[0U]); 3101 libcrux_sha3_generic_keccak_set_80_04( 3102 self, (size_t)4U, (size_t)1U, 3103 libcrux_sha3_generic_keccak_index_c2_04( 3104 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, 3105 .snd = (size_t)3U}))[0U]); 3106 libcrux_sha3_generic_keccak_set_80_04( 3107 self, (size_t)0U, (size_t)2U, 3108 libcrux_sha3_generic_keccak_index_c2_04( 3109 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, 3110 .snd = (size_t)2U}))[0U]); 3111 libcrux_sha3_generic_keccak_set_80_04( 3112 self, (size_t)1U, (size_t)2U, 3113 libcrux_sha3_generic_keccak_index_c2_04( 3114 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, 3115 .snd = (size_t)0U}))[0U]); 3116 
libcrux_sha3_generic_keccak_set_80_04( 3117 self, (size_t)2U, (size_t)2U, 3118 libcrux_sha3_generic_keccak_index_c2_04( 3119 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, 3120 .snd = (size_t)3U}))[0U]); 3121 libcrux_sha3_generic_keccak_set_80_04( 3122 self, (size_t)3U, (size_t)2U, 3123 libcrux_sha3_generic_keccak_index_c2_04( 3124 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, 3125 .snd = (size_t)1U}))[0U]); 3126 libcrux_sha3_generic_keccak_set_80_04( 3127 self, (size_t)4U, (size_t)2U, 3128 libcrux_sha3_generic_keccak_index_c2_04( 3129 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, 3130 .snd = (size_t)4U}))[0U]); 3131 libcrux_sha3_generic_keccak_set_80_04( 3132 self, (size_t)0U, (size_t)3U, 3133 libcrux_sha3_generic_keccak_index_c2_04( 3134 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, 3135 .snd = (size_t)3U}))[0U]); 3136 libcrux_sha3_generic_keccak_set_80_04( 3137 self, (size_t)1U, (size_t)3U, 3138 libcrux_sha3_generic_keccak_index_c2_04( 3139 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, 3140 .snd = (size_t)1U}))[0U]); 3141 libcrux_sha3_generic_keccak_set_80_04( 3142 self, (size_t)2U, (size_t)3U, 3143 libcrux_sha3_generic_keccak_index_c2_04( 3144 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, 3145 .snd = (size_t)4U}))[0U]); 3146 libcrux_sha3_generic_keccak_set_80_04( 3147 self, (size_t)3U, (size_t)3U, 3148 libcrux_sha3_generic_keccak_index_c2_04( 3149 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, 3150 .snd = (size_t)2U}))[0U]); 3151 libcrux_sha3_generic_keccak_set_80_04( 3152 self, (size_t)4U, (size_t)3U, 3153 libcrux_sha3_generic_keccak_index_c2_04( 3154 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, 3155 .snd = (size_t)0U}))[0U]); 3156 libcrux_sha3_generic_keccak_set_80_04( 3157 self, (size_t)0U, (size_t)4U, 3158 libcrux_sha3_generic_keccak_index_c2_04( 3159 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, 3160 .snd = (size_t)4U}))[0U]); 3161 libcrux_sha3_generic_keccak_set_80_04( 3162 self, (size_t)1U, (size_t)4U, 3163 
libcrux_sha3_generic_keccak_index_c2_04( 3164 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, 3165 .snd = (size_t)2U}))[0U]); 3166 libcrux_sha3_generic_keccak_set_80_04( 3167 self, (size_t)2U, (size_t)4U, 3168 libcrux_sha3_generic_keccak_index_c2_04( 3169 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, 3170 .snd = (size_t)0U}))[0U]); 3171 libcrux_sha3_generic_keccak_set_80_04( 3172 self, (size_t)3U, (size_t)4U, 3173 libcrux_sha3_generic_keccak_index_c2_04( 3174 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, 3175 .snd = (size_t)3U}))[0U]); 3176 libcrux_sha3_generic_keccak_set_80_04( 3177 self, (size_t)4U, (size_t)4U, 3178 libcrux_sha3_generic_keccak_index_c2_04( 3179 &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, 3180 .snd = (size_t)1U}))[0U]); 3181 } 3182 3183 /** 3184 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T, 3185 N>[TraitClause@0, TraitClause@1]} 3186 */ 3187 /** 3188 A monomorphic instance of libcrux_sha3.generic_keccak.chi_80 3189 with types uint64_t 3190 with const generics 3191 - N= 1 3192 */ 3193 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_80_04( 3194 libcrux_sha3_generic_keccak_KeccakState_17 *self) { 3195 libcrux_sha3_generic_keccak_KeccakState_17 old = self[0U]; 3196 for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { 3197 size_t i1 = i0; 3198 for (size_t i = (size_t)0U; i < (size_t)5U; i++) { 3199 size_t j = i; 3200 libcrux_sha3_generic_keccak_set_80_04( 3201 self, i1, j, 3202 libcrux_sha3_simd_portable_and_not_xor_d2( 3203 libcrux_sha3_generic_keccak_index_c2_04( 3204 self, (KRML_CLITERAL(size_t_x2){.fst = i1, .snd = j}))[0U], 3205 libcrux_sha3_generic_keccak_index_c2_04( 3206 &old, 3207 (KRML_CLITERAL(size_t_x2){ 3208 .fst = i1, .snd = (j + (size_t)2U) % (size_t)5U}))[0U], 3209 libcrux_sha3_generic_keccak_index_c2_04( 3210 &old, 3211 (KRML_CLITERAL(size_t_x2){ 3212 .fst = i1, .snd = (j + (size_t)1U) % (size_t)5U}))[0U])); 3213 } 3214 } 3215 } 3216 3217 /** 3218 This function found in impl 
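{libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.iota_80
with types uint64_t
with const generics
- N= 1

XORs libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[i] into lane
(0, 0) of the state. `i` indexes the constant table without a range check
in this function; keccakf1600_80_04 below passes 0..23.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i) {
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_constant_d2(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                              .snd = (size_t)0U}))[0U],
          libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[i]));
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600_80
with types uint64_t
with const generics
- N= 1

Runs 24 rounds over the state in place; each round calls theta, rho, pi,
chi and iota in that order. The round count is a constant.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
  for (size_t round = (size_t)0U; round < (size_t)24U; round++) {
    uint64_t t[5U];
    libcrux_sha3_generic_keccak_theta_80_04(self, t);
    /* rho receives its own copy of the theta output, as in the original. */
    uint64_t t_copy[5U];
    memcpy(t_copy, t, (size_t)5U * sizeof(uint64_t));
    libcrux_sha3_generic_keccak_rho_80_04(self, t_copy);
    libcrux_sha3_generic_keccak_pi_80_04(self);
    libcrux_sha3_generic_keccak_chi_80_04(self);
    libcrux_sha3_generic_keccak_iota_80_04(self, round);
  }
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
with types uint64_t
with const generics
- N= 1
- RATE= 72

Loads one block from blocks[0] at byte offset `start` into the state, then
applies the permutation. The block loader is defined elsewhere; the caller
must supply a full block at that offset.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c6(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_a1_f8(self, blocks, start);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last
with const generics
- RATE= 72
- DELIMITER= 6

Builds the final padded block on the stack and loads it into `state`:
copies `len` bytes from blocks[start..start + len], writes the delimiter
byte 6 at offset `len`, and sets the top bit of the last byte.

`len` must be smaller than 72. The buffer is exactly 72 bytes and
buffer[len] is written, so a larger value would write past it. The guard
turns that case into a fatal internal error. `len` is a length, not secret
data, so the branch does not depend on the message contents.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_96(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  if (len >= (size_t)72U) {
    KRML_HOST_EXIT(255U);
    return; /* not reached when KRML_HOST_EXIT terminates the process */
  }
  uint8_t buffer[72U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t);
  buffer[len] = 6U;
  size_t last_idx = (size_t)72U - (size_t)1U;
  buffer[last_idx] = (uint32_t)buffer[last_idx] | 128U;
  libcrux_sha3_simd_portable_load_block_f8(
      state, Eurydice_array_to_slice((size_t)72U, buffer, uint8_t), (size_t)0U);
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
with const generics
- RATE= 72
- DELIMITER= 6

Forwards to load_last_96 with the state's lane array and input[0].
*/
static inline void libcrux_sha3_simd_portable_load_last_a1_96(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_96(self->st, input[0U], start, len);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
with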
types uint64_t
with const generics
- N= 1
- RATE= 72
- DELIM= 6

Absorbs the last, partial block: pads and loads `len` bytes taken from
last[0] at offset `start`, then applies the permutation once.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_a1_96(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.store_block
with const generics
- RATE= 72

Writes `len` bytes of state into out[start..start + len]: whole lanes
first, eight bytes each via core_num__u64__to_le_bytes, then the leading
`len % 8` bytes of the next lane. Lane k is fetched as get_ij(s, k / 5,
k % 5). No check in this function ties `start + len` to the size of `out`
or `len` to the state size; callers must keep both in range.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_f8(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  size_t full_lanes = len / (size_t)8U;
  size_t tail = len % (size_t)8U;
  for (size_t lane = (size_t)0U; lane < full_lanes; lane++) {
    Eurydice_slice dst = Eurydice_slice_subslice3(
        out, start + (size_t)8U * lane, start + (size_t)8U * lane + (size_t)8U,
        uint8_t *);
    uint8_t bytes[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, lane / (size_t)5U,
                                      lane % (size_t)5U)[0U],
        bytes);
    Eurydice_slice_copy(
        dst, Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t);
  }
  if (tail > (size_t)0U) {
    /* Partial lane: serialise it fully, copy only the first `tail` bytes. */
    Eurydice_slice dst = Eurydice_slice_subslice3(
        out, start + len - tail, start + len, uint8_t *);
    uint8_t bytes[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, full_lanes / (size_t)5U,
                                      full_lanes % (size_t)5U)[0U],
        bytes);
    Eurydice_slice_copy(
        dst, Eurydice_array_to_subslice3(bytes, (size_t)0U, tail, uint8_t *),
        uint8_t);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic
instance of libcrux_sha3.simd.portable.squeeze_13
with const generics
- RATE= 72

Forwards to store_block_f8 with the state's lane array.
*/
static inline void libcrux_sha3_simd_portable_squeeze_13_f8(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_store_block_f8(self->st, out, start, len);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 72
- DELIM= 6

One-shot sponge over `data`, filling all of `out`. Absorbs every full
72-byte block, then the remainder (always shorter than 72 bytes) through
absorb_final. The number of bytes squeezed is the length of `out`; nothing
here checks that length against a digest size, so the caller chooses it by
the slice it passes.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_96(
    Eurydice_slice data, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_KeccakState_17 state =
      libcrux_sha3_generic_keccak_new_80_04();
  Eurydice_slice input[1U] = {data};

  /* Absorb phase. */
  size_t in_len = Eurydice_slice_len(data, uint8_t);
  size_t full_in = in_len / (size_t)72U;
  for (size_t b = (size_t)0U; b < full_in; b++) {
    libcrux_sha3_generic_keccak_absorb_block_80_c6(&state, input,
                                                   b * (size_t)72U);
  }
  size_t tail_in = in_len % (size_t)72U;
  libcrux_sha3_generic_keccak_absorb_final_80_9e(&state, input,
                                                 in_len - tail_in, tail_in);

  /* Squeeze phase. */
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  size_t full_out = out_len / (size_t)72U;
  if (full_out == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_f8(&state, out, (size_t)0U, out_len);
    return;
  }
  libcrux_sha3_simd_portable_squeeze_13_f8(&state, out, (size_t)0U,
                                           (size_t)72U);
  for (size_t b = (size_t)1U; b < full_out; b++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_f8(&state, out, b * (size_t)72U,
                                             (size_t)72U);
  }
  size_t done = out_len - out_len % (size_t)72U;
  if (done < out_len) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_f8(&state, out, done,
                                             out_len - done);
  }
}

/**
A portable SHA3 512 implementation.
*/
/* Note: despite the short name this is SHA3-512 (Keccak with rate 72 and
 * delimiter 6), not SHA-2. The output length is the length of `digest`;
 * the callee squeezes exactly that many bytes and does not require 64. */
static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest,
                                                         Eurydice_slice data) {
  libcrux_sha3_generic_keccak_portable_keccak1_96(data, digest);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block
with const generics
- RATE= 136

XORs one 136-byte block, read from blocks[start..start + 136], into the
state. The block is first decoded into 17 lanes of 8 bytes each
(core_num__u64__from_le_bytes), then every lane k is XORed into position
(k / 5, k % 5). All lanes are decoded before the state is modified.
The caller must make sure 136 bytes are available at `start`; the only
length handling visible here is the slice-to-array conversion, whose
result goes through unwrap_26_68 (defined elsewhere).
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_5b(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  uint64_t lanes[25U] = {0U};
  for (size_t lane = (size_t)0U; lane < (size_t)136U / (size_t)8U; lane++) {
    size_t from = start + (size_t)8U * lane;
    uint8_t raw[8U];
    Result_15 conv;
    Eurydice_slice_to_array2(
        &conv,
        Eurydice_slice_subslice3(blocks, from, from + (size_t)8U, uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(conv, raw);
    lanes[lane] = core_num__u64__from_le_bytes(raw);
  }
  for (size_t lane = (size_t)0U; lane < (size_t)136U / (size_t)8U; lane++) {
    libcrux_sha3_traits_set_ij_04(
        state, lane / (size_t)5U, lane % (size_t)5U,
        libcrux_sha3_traits_get_ij_04(state, lane / (size_t)5U,
                                      lane % (size_t)5U)[0U] ^
            lanes[lane]);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
with const generics
- RATE= 136

Forwards to load_block_5b with the state's lane array and input[0].
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_5b(self->st, input[0U], start);
}

/**
This function found in impl
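{libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
with types uint64_t
with const generics
- N= 1
- RATE= 136

Loads one 136-byte block from blocks[0] at offset `start`, then applies
the permutation.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c60(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_a1_5b(self, blocks, start);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last
with const generics
- RATE= 136
- DELIMITER= 6

Builds the final padded block on the stack and loads it into `state`:
copies `len` bytes from blocks[start..start + len], writes the delimiter
byte 6 at offset `len`, and sets the top bit of the last byte.

`len` must be smaller than 136. The buffer is exactly 136 bytes and
buffer[len] is written, so a larger value would write past it. The guard
turns that case into a fatal internal error. `len` is a length, not secret
data.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  if (len >= (size_t)136U) {
    KRML_HOST_EXIT(255U);
    return; /* not reached when KRML_HOST_EXIT terminates the process */
  }
  uint8_t buffer[136U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t);
  buffer[len] = 6U;
  size_t last_idx = (size_t)136U - (size_t)1U;
  buffer[last_idx] = (uint32_t)buffer[last_idx] | 128U;
  libcrux_sha3_simd_portable_load_block_5b(
      state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t),
      (size_t)0U);
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
with const generics
- RATE= 136
- DELIMITER= 6

Forwards to load_last_ad with the state's lane array and input[0].
*/
static inline void libcrux_sha3_simd_portable_load_last_a1_ad(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_ad(self->st, input[0U], start, len);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
with types uint64_t
with const generics
- N= 1
- RATE= 136
- DELIM= 6

Pads and loads the last `len` bytes (len < 136), then applies the
permutation once.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e0(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_a1_ad(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.store_block
with const generics
- RATE= 136

Writes `len` bytes of state into out[start..start + len]: whole lanes
first, eight bytes each via core_num__u64__to_le_bytes, then the leading
`len % 8` bytes of the next lane. No check in this function ties
`start + len` to the size of `out`; callers must keep it in range.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_5b(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  size_t octets = len / (size_t)8U;
  for (size_t i = (size_t)0U; i < octets; i++) {
    Eurydice_slice dst = Eurydice_slice_subslice3(
        out, start + (size_t)8U * i, start + (size_t)8U * i + (size_t)8U,
        uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, i / (size_t)5U, i % (size_t)5U)[0U],
        ret);
    Eurydice_slice_copy(
        dst, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
  }
  size_t remaining = len % (size_t)8U;
  if (remaining > (size_t)0U) {
    /* Partial lane: serialise it fully, copy only `remaining` bytes. */
    Eurydice_slice dst = Eurydice_slice_subslice3(
        out, start + len - remaining, start + len, uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U,
                                      octets % (size_t)5U)[0U],
        ret);
    Eurydice_slice_copy(
        dst,
        Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *),
        uint8_t);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
with const generics
- RATE= 136

Forwards to store_block_5b with the state's lane array.
*/
static inline void libcrux_sha3_simd_portable_squeeze_13_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_store_block_5b(self->st, out, start, len);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 136
- DELIM= 6

One-shot sponge over `data`, filling all of `out`. Absorbs every full
136-byte block, then the remainder (always shorter than 136 bytes) through
absorb_final. The number of bytes squeezed is the length of `out`; nothing
here checks it against a digest size.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad(
    Eurydice_slice data, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_KeccakState_17 s =
      libcrux_sha3_generic_keccak_new_80_04();
  Eurydice_slice buf[1U] = {data};
  size_t data_len = Eurydice_slice_len(data, uint8_t);
  for (size_t i = (size_t)0U; i < data_len / (size_t)136U; i++) {
    libcrux_sha3_generic_keccak_absorb_block_80_c60(&s, buf, i * (size_t)136U);
  }
  size_t rem = data_len % (size_t)136U;
  libcrux_sha3_generic_keccak_absorb_final_80_9e0(&s, buf, data_len - rem, rem);
  size_t outlen = Eurydice_slice_len(out, uint8_t);
  size_t blocks = outlen / (size_t)136U;
  size_t last = outlen - outlen % (size_t)136U;
  if (blocks == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, outlen);
  } else {
    libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, (size_t)136U);
    for (size_t i = (size_t)1U; i < blocks; i++) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, i * (size_t)136U,
                                               (size_t)136U);
    }
    if (last < outlen) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, last, outlen - last);
    }
  }
}

/**
A portable SHA3 256 implementation.

Despite the short name this is SHA3-256 (rate 136, delimiter 6), not SHA-2.
The output length is the length of `digest`; the callee does not require 32.
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest,
                                                         Eurydice_slice data) {
  libcrux_sha3_generic_keccak_portable_keccak1_ad(data, digest);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last
with const generics
- RATE= 136
- DELIMITER= 31

Same construction as the DELIMITER= 6 instance, with delimiter byte 31.

`len` must be smaller than 136. The buffer is exactly 136 bytes and
buffer[len] is written, so a larger value would write past it. The guard
turns that case into a fatal internal error.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad0(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  if (len >= (size_t)136U) {
    KRML_HOST_EXIT(255U);
    return; /* not reached when KRML_HOST_EXIT terminates the process */
  }
  uint8_t buffer[136U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t);
  buffer[len] = 31U;
  size_t last_idx = (size_t)136U - (size_t)1U;
  buffer[last_idx] = (uint32_t)buffer[last_idx] | 128U;
  libcrux_sha3_simd_portable_load_block_5b(
      state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t),
      (size_t)0U);
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
with const generics
- RATE= 136
- DELIMITER= 31

Forwards to load_last_ad0 with the state's lane array and input[0].
*/
static inline void libcrux_sha3_simd_portable_load_last_a1_ad0(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_ad0(self->st, input[0U], start, len);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
with types uint64_t
with const generics
- N= 1
- RATE= 136
- DELIM= 31

Pads and loads the last `len` bytes (len < 136), then applies the
permutation once.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e1(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_a1_ad0(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 136
- DELIM= 31

One-shot sponge over `data`, filling all of `out`; identical in shape to
the DELIM= 6 instance except for the final-block delimiter. The output
length is the length of `out`.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad0(
    Eurydice_slice data, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_KeccakState_17 s =
      libcrux_sha3_generic_keccak_new_80_04();
  Eurydice_slice buf[1U] = {data};
  size_t data_len = Eurydice_slice_len(data, uint8_t);
  for (size_t i = (size_t)0U; i < data_len / (size_t)136U; i++) {
    libcrux_sha3_generic_keccak_absorb_block_80_c60(&s, buf, i * (size_t)136U);
  }
  size_t rem = data_len % (size_t)136U;
  libcrux_sha3_generic_keccak_absorb_final_80_9e1(&s, buf, data_len - rem, rem);
  size_t outlen = Eurydice_slice_len(out, uint8_t);
  size_t blocks = outlen / (size_t)136U;
  size_t last = outlen - outlen % (size_t)136U;
  if (blocks == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, outlen);
  } else {
    libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, (size_t)136U);
    for (size_t i = (size_t)1U; i < blocks; i++) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, i * (size_t)136U,
                                               (size_t)136U);
    }
    if (last < outlen) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, last, outlen - last);
    }
  }
}

/**
A portable SHAKE256 implementation.

Produces as many output bytes as `digest` is long.
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_shake256(
    Eurydice_slice digest, Eurydice_slice data) {
  libcrux_sha3_generic_keccak_portable_keccak1_ad0(data, digest);
}

typedef libcrux_sha3_generic_keccak_KeccakState_17
    libcrux_sha3_portable_KeccakState;

/**
Create a new SHAKE-128 state object.
*/
static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_portable_incremental_shake128_init(void) {
  return libcrux_sha3_generic_keccak_new_80_04();
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block
with const generics
- RATE= 168

XORs one 168-byte block, read from blocks[start..start + 168], into the
state. The block is first decoded into 21 lanes of 8 bytes each
(core_num__u64__from_le_bytes), then every lane k is XORed into position
(k / 5, k % 5). The caller must make sure 168 bytes are available at
`start`.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_3a(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  uint64_t state_flat[25U] = {0U};
  for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
    size_t offset = start + (size_t)8U * i;
    uint8_t lane_bytes[8U];
    Result_15 dst;
    Eurydice_slice_to_array2(
        &dst,
        Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U,
                                 uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(dst, lane_bytes);
    state_flat[i] = core_num__u64__from_le_bytes(lane_bytes);
  }
  for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
    libcrux_sha3_traits_set_ij_04(
        state, i / (size_t)5U, i % (size_t)5U,
        libcrux_sha3_traits_get_ij_04(state, i / (size_t)5U,
                                      i % (size_t)5U)[0U] ^
            state_flat[i]);
  }
}

/**
A monomorphic instance of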
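libcrux_sha3.simd.portable.load_last
with const generics
- RATE= 168
- DELIMITER= 31

Builds the final padded block on the stack and loads it into `state`:
copies `len` bytes from blocks[start..start + len], writes the delimiter
byte 31 at offset `len`, and sets the top bit of the last byte.

`len` must be smaller than 168. The buffer is exactly 168 bytes and
buffer[len] is written, so a larger value would write past it. This
instance is reachable from
libcrux_sha3_portable_incremental_shake128_absorb_final, which passes the
full length of its input slice, so the guard below is what bounds that
input: it turns an oversized length into a fatal internal error. `len` is
a length, not secret data.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_c6(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  if (len >= (size_t)168U) {
    KRML_HOST_EXIT(255U);
    return; /* not reached when KRML_HOST_EXIT terminates the process */
  }
  uint8_t buffer[168U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t);
  buffer[len] = 31U;
  size_t last_idx = (size_t)168U - (size_t)1U;
  buffer[last_idx] = (uint32_t)buffer[last_idx] | 128U;
  libcrux_sha3_simd_portable_load_block_3a(
      state, Eurydice_array_to_slice((size_t)168U, buffer, uint8_t),
      (size_t)0U);
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
with const generics
- RATE= 168
- DELIMITER= 31

Forwards to load_last_c6 with the state's lane array and input[0].
*/
static inline void libcrux_sha3_simd_portable_load_last_a1_c6(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_c6(self->st, input[0U], start, len);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
with types uint64_t
with const generics
- N= 1
- RATE= 168
- DELIM= 31

Pads and loads the last `len` bytes (len < 168), then applies the
permutation once.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e2(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_a1_c6(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
Absorb

Absorbs all of `data0` as the final (and only) block of a SHAKE-128
computation. The whole slice is treated as one partial block, so it must
be shorter than 168 bytes; longer input is rejected by the length guard in
load_last_c6 rather than being split into blocks.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_absorb_final(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) {
  Eurydice_slice input[1U] = {data0};
  libcrux_sha3_generic_keccak_absorb_final_80_9e2(
      s, input, (size_t)0U, Eurydice_slice_len(data0, uint8_t));
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.store_block
with const generics
- RATE= 168

Writes `len` bytes of state into out[start..start + len]: whole lanes
first, eight bytes each via core_num__u64__to_le_bytes, then the leading
`len % 8` bytes of the next lane. No check in this function ties
`start + len` to the size of `out`; callers must keep it in range.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_3a(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  size_t octets = len / (size_t)8U;
  for (size_t i = (size_t)0U; i < octets; i++) {
    Eurydice_slice dst = Eurydice_slice_subslice3(
        out, start + (size_t)8U * i, start + (size_t)8U * i + (size_t)8U,
        uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, i / (size_t)5U, i % (size_t)5U)[0U],
        ret);
    Eurydice_slice_copy(
        dst, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
  }
  size_t remaining = len % (size_t)8U;
  if (remaining > (size_t)0U) {
    /* Partial lane: serialise it fully, copy only `remaining` bytes. */
    Eurydice_slice dst = Eurydice_slice_subslice3(
        out, start + len - remaining, start + len, uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U,
                                      octets % (size_t)5U)[0U],
        ret);
    Eurydice_slice_copy(
        dst,
        Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *),
        uint8_t);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
libcrux_sha3::generic_keccak::KeccakState<u64,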
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
with const generics
- RATE= 168

Forwards to store_block_3a with the state's lane array.
*/
static inline void libcrux_sha3_simd_portable_squeeze_13_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_store_block_3a(self->st, out, start, len);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_first_three_blocks_b4 with const
generics
- RATE= 168

Writes three consecutive 168-byte blocks to out[0..504], applying the
permutation between blocks but not before the first one. `out` must have
room for 504 bytes; its length is not consulted here.
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) {
  for (size_t block = (size_t)0U; block < (size_t)3U; block++) {
    if (block > (size_t)0U) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
    }
    libcrux_sha3_simd_portable_squeeze_13_3a(self, out, block * (size_t)168U,
                                             (size_t)168U);
  }
}

/**
Squeeze three blocks

Public wrapper: fills out0[0..504] from the SHAKE-128 state `s`. The
caller supplies a slice of at least that size.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
  libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a(s,
                                                                        out0);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_next_block_b4 with const generics
- RATE= 168

Applies keccakf1600 to the state first, then writes one 168-byte block to
out[start .. start + 168].
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start) {
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, start, (size_t)168U);
}

/**
 Squeeze another block

 Incremental SHAKE128 entry point; always writes at offset 0 of `out0`, so
 each call overwrites the first 168 bytes of the slice it is given.

 NOTE(review): `out0` must hold at least 168 bytes; not checked here.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
  libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a(s, out0,
                                                                (size_t)0U);
}

/* Tags accepted by libcrux_sha3_digest_size; no tag is defined for 0. */
#define libcrux_sha3_Algorithm_Sha224 1
#define libcrux_sha3_Algorithm_Sha256 2
#define libcrux_sha3_Algorithm_Sha384 3
#define libcrux_sha3_Algorithm_Sha512 4

/* Holds one of the libcrux_sha3_Algorithm_* tags above. */
typedef uint8_t libcrux_sha3_Algorithm;

/* Fixed-size digest buffers: 28, 32, 48 and 64 bytes. */
typedef uint8_t libcrux_sha3_Sha3_224Digest[28U];

typedef uint8_t libcrux_sha3_Sha3_256Digest[32U];

typedef uint8_t libcrux_sha3_Sha3_384Digest[48U];

typedef uint8_t libcrux_sha3_Sha3_512Digest[64U];

/**
 Returns the output size of a digest.
*/
/**
Maps an algorithm tag to its digest length in bytes: 28, 32, 48 or 64.
The Sha224 case breaks out of the switch and is served by the `return 28`
at the bottom. Any other tag reaches `default`, which calls KRML_HOST_EXIT
(defined at the top of this file as fatal_f("internal error")).

NOTE(review): if KRML_HOST_EXIT ever returned, an unknown tag would fall
through to the `return 28` below -- presumably fatal_f does not return;
confirm.
*/
static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) {
  switch (mode) {
    case libcrux_sha3_Algorithm_Sha224: {
      break;
    }
    case libcrux_sha3_Algorithm_Sha256: {
      return (size_t)32U;
    }
    case libcrux_sha3_Algorithm_Sha384: {
      return (size_t)48U;
    }
    case libcrux_sha3_Algorithm_Sha512: {
      return (size_t)64U;
    }
    default: {
      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
                        __LINE__);
      KRML_HOST_EXIT(253U);
    }
  }
  return (size_t)28U;
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block
with const generics
- RATE= 144

XORs one 144-byte block, read from `blocks` at byte offset `start`, into the
state. The block is first decoded into 18 (= 144 / 8) words with
core_num__u64__from_le_bytes, then word i is XORed into lane (i / 5, i % 5).
Entries 18..24 of state_flat stay zero and are never used.

NOTE(review): assumes `blocks` holds at least start + 144 bytes; what
unwrap_26_68 does when the 8-byte conversion fails is not visible here.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_2c(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  uint64_t state_flat[25U] = {0U};
  /* Pass 1: decode the block into 64-bit words. */
  for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
    size_t i0 = i;
    size_t offset = start + (size_t)8U * i0;
    uint8_t uu____0[8U];
    Result_15 dst;
    Eurydice_slice_to_array2(
        &dst,
        Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U,
                                 uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(dst, uu____0);
    state_flat[i0] = core_num__u64__from_le_bytes(uu____0);
  }
  /* Pass 2: XOR each decoded word into its lane. */
  for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
    size_t i0 = i;
    libcrux_sha3_traits_set_ij_04(
        state, i0 / (size_t)5U, i0 % (size_t)5U,
        libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U,
                                      i0 % (size_t)5U)[0U] ^
            state_flat[i0]);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
with const generics
- RATE= 144

Thin wrapper: forwards to load_block_2c on self->st, using only input[0U].
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_2c(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_2c(self->st, input[0U], start);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
with types uint64_t
with const generics
- N= 1
- RATE= 144

Absorbs one full 144-byte block found at offset `start` of blocks[0U], then
applies keccakf1600 to the state.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c61(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_a1_2c(self, blocks, start);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last
with const generics
- RATE= 144
- DELIMITER= 6

Pads and loads the final partial block: copies `len` bytes from
blocks[start .. start + len] into a zeroed 144-byte buffer, stores the
delimiter byte 6 at index `len`, ORs 128 into the last byte (index 143) and
XORs the buffer into the state with load_block_2c. When len is 143 both
writes land on the same byte.

NOTE(review): this is only in bounds for len < 144. With len == 144 the
store to buffer[len] is one past the array, and a larger len would also
over-copy; no check is visible here, so the bound rests on the callers
(keccak1_1e in this file passes data_len % 144).
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_1e(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t buffer[144U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t);
  /* Delimiter byte directly after the message bytes. */
  buffer[len] = 6U;
  /* Set the top bit of the last byte of the block. */
  size_t uu____0 = (size_t)144U - (size_t)1U;
  buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U;
  libcrux_sha3_simd_portable_load_block_2c(
      state, Eurydice_array_to_slice((size_t)144U, buffer, uint8_t),
      (size_t)0U);
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A
monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
with const generics
- RATE= 144
- DELIMITER= 6

Thin wrapper: forwards to load_last_1e on self->st, using only input[0U].
*/
static inline void libcrux_sha3_simd_portable_load_last_a1_1e(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_1e(self->st, input[0U], start, len);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
with types uint64_t
with const generics
- N= 1
- RATE= 144
- DELIM= 6

Absorbs the final `len` bytes at offset `start` of last[0U] with padding
(via load_last_a1_1e), then applies keccakf1600.

NOTE(review): `len` is passed through unchecked; load_last_1e needs
len < 144.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e3(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_a1_1e(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.store_block
with const generics
- RATE= 144

Writes `len` bytes of the state `s` into `out`, starting at byte offset
`start`. Each complete 8-byte group i receives the bytes produced by
core_num__u64__to_le_bytes for lane (i / 5, i % 5); a trailing group of
1..7 bytes receives the first `remaining` bytes of the next lane.

NOTE(review): nothing in this function checks that start + len fits inside
`out` or that len stays within the state; treat both as caller obligations.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_2c(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  /* Number of whole 64-bit lanes to emit. */
  size_t octets = len / (size_t)8U;
  for (size_t i = (size_t)0U; i < octets; i++) {
    size_t i0 = i;
    Eurydice_slice uu____0 = Eurydice_slice_subslice3(
        out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U,
        uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U],
        ret);
    Eurydice_slice_copy(
        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
  }
  /* Bytes left over after the whole lanes (0..7). */
  size_t remaining = len % (size_t)8U;
  if (remaining > (size_t)0U) {
    Eurydice_slice uu____1 = Eurydice_slice_subslice3(
        out, start + len - remaining, start + len, uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U,
                                      octets % (size_t)5U)[0U],
        ret);
    /* Only ret[0 .. remaining] is copied out. */
    Eurydice_slice_copy(
        uu____1,
        Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *),
        uint8_t);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
with const generics
- RATE= 144

Thin wrapper: forwards to store_block_2c on self->st. It does not permute
the state.
*/
static inline void libcrux_sha3_simd_portable_squeeze_13_2c(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_store_block_2c(self->st, out, start, len);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 144
- DELIM= 6

One-shot sponge over `data`, writing exactly Eurydice_slice_len(out) bytes.
Absorb: every complete 144-byte block, then the trailing data_len % 144
bytes with padding (when data_len is a multiple of 144 that final call
absorbs a padding-only block). Squeeze: the first block comes from the state
as left by the absorb phase; keccakf1600 is applied before every later
block, including a final partial one.

The output length is taken from `out` alone, so the caller's slice length
decides how many bytes are produced.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_1e(
    Eurydice_slice data, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_KeccakState_17 s =
      libcrux_sha3_generic_keccak_new_80_04();
  size_t data_len = Eurydice_slice_len(data, uint8_t);
  for (size_t i = (size_t)0U; i < data_len / (size_t)144U; i++) {
    size_t i0 = i;
    Eurydice_slice buf[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c61(&s, buf, i0 * (size_t)144U);
  }
  /* rem < 144 by construction, which is what load_last_1e relies on. */
  size_t rem = data_len % (size_t)144U;
  Eurydice_slice buf[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e3(&s, buf, data_len - rem, rem);
  size_t outlen = Eurydice_slice_len(out, uint8_t);
  size_t blocks = outlen / (size_t)144U;
  /* Offset where a trailing partial output block would start. */
  size_t last = outlen - outlen % (size_t)144U;
  if (blocks == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, (size_t)0U, outlen);
  } else {
    libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, (size_t)0U, (size_t)144U);
    for (size_t i = (size_t)1U; i < blocks; i++) {
      size_t i0 = i;
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, i0 * (size_t)144U,
                                               (size_t)144U);
    }
    if (last < outlen) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_2c(&s, out, last, outlen - last);
    }
  }
}

/**
 A portable SHA3 224 implementation.

 Forwards to keccak1_1e (RATE=144, DELIM=6) with the arguments swapped into
 (data, digest) order. The number of bytes written equals the length of
 `digest`; nothing here enforces that it is 28.
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
                                                         Eurydice_slice data) {
  libcrux_sha3_generic_keccak_portable_keccak1_1e(data, digest);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block
with const generics
- RATE= 104

XORs one 104-byte block, read from `blocks` at byte offset `start`, into the
state. The block is first decoded into 13 (= 104 / 8) words with
core_num__u64__from_le_bytes, then word i is XORed into lane (i / 5, i % 5).
Entries 13..24 of state_flat stay zero and are never used.

NOTE(review): assumes `blocks` holds at least start + 104 bytes; what
unwrap_26_68 does when the 8-byte conversion fails is not visible here.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_7a(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  uint64_t state_flat[25U] = {0U};
  /* Pass 1: decode the block into 64-bit words. */
  for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
    size_t i0 = i;
    size_t offset = start + (size_t)8U * i0;
    uint8_t uu____0[8U];
    Result_15 dst;
    Eurydice_slice_to_array2(
        &dst,
        Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U,
                                 uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(dst, uu____0);
    state_flat[i0] = core_num__u64__from_le_bytes(uu____0);
  }
  /* Pass 2: XOR each decoded word into its lane. */
  for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
    size_t i0 = i;
    libcrux_sha3_traits_set_ij_04(
        state, i0 / (size_t)5U, i0 % (size_t)5U,
        libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U,
                                      i0 % (size_t)5U)[0U] ^
            state_flat[i0]);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
with const generics
- RATE= 104

Thin wrapper: forwards to load_block_7a on self->st, using only input[0U].
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_7a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_7a(self->st, input[0U], start);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
with types uint64_t
with const generics
- N= 1
- RATE= 104

Absorbs one full 104-byte block found at offset `start` of blocks[0U], then
applies keccakf1600 to the state.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c62(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_a1_7a(self, blocks, start);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last
with const generics
- RATE= 104
- DELIMITER= 6

Pads and loads the final partial block: copies `len` bytes from
blocks[start .. start + len] into a zeroed 104-byte buffer, stores the
delimiter byte 6 at index `len`, ORs 128 into the last byte (index 103) and
XORs the buffer into the state with load_block_7a. When len is 103 both
writes land on the same byte.

NOTE(review): this is only in bounds for len < 104. With len == 104 the
store to buffer[len] is one past the array, and a larger len would also
over-copy; no check is visible here, so the bound rests on the callers
(keccak1_7c in this file passes data_len % 104).
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_7c(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t buffer[104U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t);
  /* Delimiter byte directly after the message bytes. */
  buffer[len] = 6U;
  /* Set the top bit of the last byte of the block. */
  size_t uu____0 = (size_t)104U - (size_t)1U;
  buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U;
  libcrux_sha3_simd_portable_load_block_7a(
      state, Eurydice_array_to_slice((size_t)104U, buffer, uint8_t),
      (size_t)0U);
}

/**
This
function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
with const generics
- RATE= 104
- DELIMITER= 6

Thin wrapper: forwards to load_last_7c on self->st, using only input[0U].
*/
static inline void libcrux_sha3_simd_portable_load_last_a1_7c(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_7c(self->st, input[0U], start, len);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
with types uint64_t
with const generics
- N= 1
- RATE= 104
- DELIM= 6

Absorbs the final `len` bytes at offset `start` of last[0U] with padding
(via load_last_a1_7c), then applies keccakf1600.

NOTE(review): `len` is passed through unchecked; load_last_7c needs
len < 104.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e4(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_load_last_a1_7c(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.simd.portable.store_block
with const generics
- RATE= 104

Writes `len` bytes of the state `s` into `out`, starting at byte offset
`start`. Each complete 8-byte group i receives the bytes produced by
core_num__u64__to_le_bytes for lane (i / 5, i % 5); a trailing group of
1..7 bytes receives the first `remaining` bytes of the next lane.

NOTE(review): nothing in this function checks that start + len fits inside
`out` or that len stays within the state; treat both as caller obligations.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_7a(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  /* Number of whole 64-bit lanes to emit. */
  size_t octets = len / (size_t)8U;
  for (size_t i = (size_t)0U; i < octets; i++) {
    size_t i0 = i;
    Eurydice_slice uu____0 = Eurydice_slice_subslice3(
        out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U,
        uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U],
        ret);
    Eurydice_slice_copy(
        uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
  }
  /* Bytes left over after the whole lanes (0..7). */
  size_t remaining = len % (size_t)8U;
  if (remaining > (size_t)0U) {
    Eurydice_slice uu____1 = Eurydice_slice_subslice3(
        out, start + len - remaining, start + len, uint8_t *);
    uint8_t ret[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U,
                                      octets % (size_t)5U)[0U],
        ret);
    /* Only ret[0 .. remaining] is copied out. */
    Eurydice_slice_copy(
        uu____1,
        Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *),
        uint8_t);
  }
}

/**
This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
with const generics
- RATE= 104

Thin wrapper: forwards to store_block_7a on self->st. It does not permute
the state.
*/
static inline void libcrux_sha3_simd_portable_squeeze_13_7a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  libcrux_sha3_simd_portable_store_block_7a(self->st, out, start, len);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 104
- DELIM= 6

One-shot sponge over `data`, writing exactly Eurydice_slice_len(out) bytes.
Absorb: every complete 104-byte block, then the trailing data_len % 104
bytes with padding (when data_len is a multiple of 104 that final call
absorbs a padding-only block). Squeeze: the first block comes from the state
as left by the absorb phase; keccakf1600 is applied before every later
block, including a final partial one.

The output length is taken from `out` alone, so the caller's slice length
decides how many bytes are produced.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_7c(
    Eurydice_slice data, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_KeccakState_17 s =
      libcrux_sha3_generic_keccak_new_80_04();
  size_t data_len = Eurydice_slice_len(data, uint8_t);
  for (size_t i = (size_t)0U; i < data_len / (size_t)104U; i++) {
    size_t i0 = i;
    Eurydice_slice buf[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c62(&s, buf, i0 * (size_t)104U);
  }
  /* rem < 104 by construction, which is what load_last_7c relies on. */
  size_t rem = data_len % (size_t)104U;
  Eurydice_slice buf[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e4(&s, buf, data_len - rem, rem);
  size_t outlen = Eurydice_slice_len(out, uint8_t);
  size_t blocks = outlen / (size_t)104U;
  /* Offset where a trailing partial output block would start. */
  size_t last = outlen - outlen % (size_t)104U;
  if (blocks == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, (size_t)0U, outlen);
  } else {
    libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, (size_t)0U, (size_t)104U);
    for (size_t i = (size_t)1U; i < blocks; i++) {
      size_t i0 = i;
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, i0 * (size_t)104U,
                                               (size_t)104U);
    }
    if (last < outlen) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_7a(&s, out, last, outlen - last);
    }
  }
}

/**
 A portable SHA3 384 implementation.

 Forwards to keccak1_7c (RATE=104, DELIM=6) with the arguments swapped into
 (data, digest) order. The number of bytes written equals the length of
 `digest`; nothing here enforces that it is 48.
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
                                                         Eurydice_slice data) {
  libcrux_sha3_generic_keccak_portable_keccak1_7c(data, digest);
}

/**
 SHA3 224

 Preconditions:
 - `digest.len() == 28`

 The precondition is not checked here; the call is forwarded unchanged to
 libcrux_sha3_portable_sha224.
*/
static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  libcrux_sha3_portable_sha224(digest, payload);
}

/**
 SHA3 224

 Hashes `data` into a zero-initialised 28-byte local buffer and copies the
 result to `ret`, which must have room for 28 bytes.
*/
static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) {
  uint8_t out[28U] = {0U};
  libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t),
                          data);
  memcpy(ret, out, (size_t)28U * sizeof(uint8_t));
}

/**
 SHA3 256

 Forwards unchanged to libcrux_sha3_portable_sha256 (defined elsewhere in
 this file). NOTE(review): presumably `digest` must be 32 bytes, as
 libcrux_sha3_sha256 passes; not checked here.
*/
static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  libcrux_sha3_portable_sha256(digest, payload);
}

/**
 SHA3 256

 Hashes `data` into a zero-initialised 32-byte local buffer and copies the
 result to `ret`, which must have room for 32 bytes.
*/
static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) {
  uint8_t out[32U] = {0U};
  libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
                          data);
  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
}

/**
 SHA3 384

 Forwards unchanged to libcrux_sha3_portable_sha384. NOTE(review):
 presumably `digest` must be 48 bytes, as libcrux_sha3_sha384 passes; not
 checked here.
*/
static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  libcrux_sha3_portable_sha384(digest, payload);
}

/**
 SHA3 384

 Hashes `data` into a zero-initialised 48-byte local buffer and copies the
 result to `ret`, which must have room for 48 bytes.
*/
static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) {
  uint8_t out[48U] = {0U};
  libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t),
                          data);
  memcpy(ret, out, (size_t)48U * sizeof(uint8_t));
}

/**
 SHA3 512

 Forwards unchanged to libcrux_sha3_portable_sha512 (defined elsewhere in
 this file). NOTE(review): presumably `digest` must be 64 bytes, as
 libcrux_sha3_sha512 passes; not checked here.
*/
static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  libcrux_sha3_portable_sha512(digest, payload);
}

/**
 SHA3 512

 Hashes `data` into a zero-initialised 64-byte local buffer and copies the
 result to `ret`, which must have room for 64 bytes.
*/
static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) {
  uint8_t out[64U] = {0U};
  libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t),
                          data);
  memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
}

/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
with const generics
- RATE= 168

Thin wrapper: forwards to load_block_3a (defined elsewhere in this file) on
self->st, using only input[0U].
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_3a(self->st, input[0U], start);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.absorb_block_80
with types uint64_t
with const generics
- N= 1
- RATE= 168

Absorbs one full 168-byte block found at offset `start` of blocks[0U], then
applies keccakf1600 to the state.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c63(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start) {
  libcrux_sha3_simd_portable_load_block_a1_3a(self, blocks, start);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 168
- DELIM= 31

One-shot sponge over `data`, writing exactly Eurydice_slice_len(out) bytes.
Absorb: every complete 168-byte block, then the trailing data_len % 168
bytes through absorb_final_80_9e2 (when data_len is a multiple of 168 that
call receives a zero-length tail). Squeeze: the first block comes from the
state as left by the absorb phase; keccakf1600 is applied before every later
block, including a final partial one.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_c6(
    Eurydice_slice data, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_KeccakState_17 s =
      libcrux_sha3_generic_keccak_new_80_04();
  size_t data_len = Eurydice_slice_len(data, uint8_t);
  for (size_t i = (size_t)0U; i < data_len / (size_t)168U; i++) {
    size_t i0 = i;
    Eurydice_slice buf[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c63(&s, buf, i0 * (size_t)168U);
  }
  /* rem < 168 by construction. */
  size_t rem = data_len % (size_t)168U;
  Eurydice_slice buf[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e2(&s, buf, data_len - rem, rem);
  size_t outlen = Eurydice_slice_len(out, uint8_t);
  size_t blocks = outlen / (size_t)168U;
  /* Offset where a trailing partial output block would start. */
  size_t last = outlen - outlen % (size_t)168U;
  if (blocks == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, (size_t)0U, outlen);
  } else {
    libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, (size_t)0U, (size_t)168U);
    for (size_t i = (size_t)1U; i < blocks; i++) {
      size_t i0 = i;
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, i0 * (size_t)168U,
                                               (size_t)168U);
    }
    if (last < outlen) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&s);
      libcrux_sha3_simd_portable_squeeze_13_3a(&s, out, last, outlen - last);
    }
  }
}

/**
 A portable SHAKE128 implementation.

 Forwards to keccak1_c6 (RATE=168, DELIM=31) with the arguments swapped into
 (data, digest) order; the length of `digest` is the output length.
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
    Eurydice_slice digest, Eurydice_slice data) {
  libcrux_sha3_generic_keccak_portable_keccak1_c6(data, digest);
}

/**
 SHAKE 128

 Writes `out.len()` bytes.

 Forwards unchanged to libcrux_sha3_portable_shake128.
*/
static inline void libcrux_sha3_shake128_ema(Eurydice_slice out,
                                             Eurydice_slice data) {
  libcrux_sha3_portable_shake128(out, data);
}

/**
 SHAKE 256

 Writes `out.len()` bytes.

 Forwards unchanged to libcrux_sha3_portable_shake256 (defined elsewhere in
 this file).
*/
static inline void libcrux_sha3_shake256_ema(Eurydice_slice out,
                                             Eurydice_slice data) {
  libcrux_sha3_portable_shake256(out, data);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_first_five_blocks_b4 with const
generics
- RATE= 168

Writes five 168-byte blocks to out[0 .. 840]: the first block is taken from
the state as it stands, and keccakf1600 is applied before each of the other
four.

NOTE(review): `out` must hold at least 5 * 168 = 840 bytes; no length check
is visible in this function.
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_first_five_blocks_b4_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) {
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)0U, (size_t)168U);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)168U,
                                           (size_t)168U);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)2U * (size_t)168U,
                                           (size_t)168U);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)3U * (size_t)168U,
                                           (size_t)168U);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)4U * (size_t)168U,
                                           (size_t)168U);
}

/**
 Squeeze five blocks

 Incremental SHAKE128 entry point; forwards `s` and `out0` unchanged to
 squeeze_first_five_blocks_b4_3a, which writes 840 bytes.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
  libcrux_sha3_generic_keccak_portable_squeeze_first_five_blocks_b4_3a(s, out0);
}

/**
 Absorb some data for SHAKE-256 for the last time

 The slice is wrapped in a one-element array and handed to
 absorb_final_80_9e1 with start 0 and len equal to the full slice length.

 NOTE(review): the length is forwarded unchecked. The load_last instances
 visible in this file for RATE=144 and RATE=104 copy `len` bytes into a
 RATE-sized stack buffer and then write buffer[len], so `data` is presumably
 required to be shorter than the 136-byte rate used by the SHAKE-256
 instances here -- confirm against the RATE=136 load_last and every caller.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_absorb_final(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data) {
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = s;
  Eurydice_slice uu____1[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e1(
      uu____0, uu____1, (size_t)0U, Eurydice_slice_len(data, uint8_t));
}

/**
 Create a new SHAKE-256 state object.

 Returns, by value, whatever libcrux_sha3_generic_keccak_new_80_04 produces.
*/
static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_portable_incremental_shake256_init(void) {
  return libcrux_sha3_generic_keccak_new_80_04();
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_first_block_b4 with const generics
- RATE= 136

Writes one 136-byte block to out[0 .. 136] without permuting the state
first.
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_first_block_b4_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) {
  libcrux_sha3_simd_portable_squeeze_13_5b(self, out, (size_t)0U, (size_t)136U);
}

/**
 Squeeze the first SHAKE-256 block

 NOTE(review): `out` must hold at least 136 bytes; not checked here.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_portable_squeeze_first_block_b4_5b(s, out);
}

/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_next_block_b4 with const generics
- RATE= 136

Applies keccakf1600 to the state first, then writes one 136-byte block to
out[start .. start + 136].
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start) {
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_5b(self, out, start, (size_t)136U);
}

/**
 Squeeze the next SHAKE-256 block

 Always writes at offset 0 of `out`, so each call overwrites the first 136
 bytes of the slice it is given.

 NOTE(review): `out` must hold at least 136 bytes; not checked here.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_5b(s, out,
                                                                (size_t)0U);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.KeccakXofState
with types uint64_t
with const generics
- $1size_t
- $136size_t
*/
typedef struct libcrux_sha3_generic_keccak_xof_KeccakXofState_e2_s {
  /* Keccak state the buffered blocks are absorbed into. */
  libcrux_sha3_generic_keccak_KeccakState_17 inner;
  /* One 136-byte staging buffer for input that does not yet fill a block. */
  uint8_t buf[1U][136U];
  /* Number of bytes currently held in buf. */
  size_t buf_len;
  /* Not read or written by the functions shown in this part of the file. */
  bool sponge;
} libcrux_sha3_generic_keccak_xof_KeccakXofState_e2;

typedef libcrux_sha3_generic_keccak_xof_KeccakXofState_e2
    libcrux_sha3_portable_incremental_Shake256Xof;

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.fill_buffer_35
with types uint64_t
with
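const generics
- PARALLEL_LANES= 1
- RATE= 136

Tops up a partially filled staging buffer to one full block. When the buffer
is non-empty and buffer + input reach 136 bytes, the first `136 - buf_len`
input bytes are copied behind the staged bytes and buf_len becomes 136.
Returns the number of input bytes consumed; 0 when the buffer was empty or the
block cannot be completed yet.
*/
static inline size_t libcrux_sha3_generic_keccak_xof_fill_buffer_35_c6(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
  size_t consumed = (size_t)0U;
  if (self->buf_len > (size_t)0U) {
    if (self->buf_len + input_len >= (size_t)136U) {
      /* Assumes buf_len <= 136 on entry; nothing here re-checks it. */
      consumed = (size_t)136U - self->buf_len;
      for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
        size_t i0 = i;
        Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
            (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t,
            uint8_t[]);
        Eurydice_slice_copy(
            uu____0,
            Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t,
                                       uint8_t[]),
            uint8_t);
      }
      self->buf_len = self->buf_len + consumed;
    }
  }
  return consumed;
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_full_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Absorbs every complete 136-byte block that is available: first the staged
block if fill_buffer just completed it, then whole blocks read directly from
`inputs`. Returns the number of trailing input bytes that were not absorbed
(always < 136); the caller is expected to stage them.
*/
static inline size_t libcrux_sha3_generic_keccak_xof_absorb_full_35_c6(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  size_t input_consumed =
      libcrux_sha3_generic_keccak_xof_fill_buffer_35_c6(self, inputs);
  if (input_consumed > (size_t)0U) {
    Eurydice_slice borrowed[1U];
    /*
     * NOTE(review): this loop only parks a slice of a loop-local zero buffer
     * in `borrowed`. The next loop overwrites every entry before anything
     * reads it, so the slice of `buf` is never used after `buf` goes out of
     * scope. Generator artefact; kept as emitted.
     */
    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
      uint8_t buf[136U] = {0U};
      borrowed[i] = core_array___Array_T__N___as_slice((size_t)136U, buf,
                                                       uint8_t, Eurydice_slice);
    }
    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
      size_t i0 = i;
      borrowed[i0] =
          Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t);
    }
    libcrux_sha3_simd_portable_load_block_a1_5b(&self->inner, borrowed,
                                                (size_t)0U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
    /* The staged block has been absorbed; the buffer is empty again. */
    self->buf_len = (size_t)0U;
  }
  size_t input_to_consume =
      Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
  size_t num_blocks = input_to_consume / (size_t)136U;
  size_t remainder = input_to_consume % (size_t)136U;
  for (size_t i = (size_t)0U; i < num_blocks; i++) {
    size_t i0 = i;
    libcrux_sha3_simd_portable_load_block_a1_5b(
        &self->inner, inputs, input_consumed + i0 * (size_t)136U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  return remainder;
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Absorbs all complete blocks, then appends the unabsorbed tail of the input to
the staging buffer at offset buf_len.

The copy has no explicit bound check of its own. It stays inside the 136-byte
buffer because absorb_full either reset buf_len to 0 and returned a remainder
< 136, or absorbed nothing and returned the whole input, which happens only
when buf_len + input length < 136. Both cases rely on buf_len < 136 on entry.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_35_c6(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  size_t input_remainder_len =
      libcrux_sha3_generic_keccak_xof_absorb_full_35_c6(self, inputs);
  if (input_remainder_len > (size_t)0U) {
    size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
      size_t i0 = i;
      Eurydice_slice_copy(Eurydice_array_to_subslice3(
                              self->buf[i0], self->buf_len,
                              self->buf_len + input_remainder_len, uint8_t *),
                          Eurydice_slice_subslice_from(
                              inputs[i0], input_len - input_remainder_len,
                              uint8_t, size_t, uint8_t[]),
                          uint8_t);
    }
    self->buf_len = self->buf_len + input_remainder_len;
  }
}

/**
 Shake256 absorb
*/
/**
This function found in impl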
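{libcrux_sha3::portable::incremental::Xof<136usize>
for libcrux_sha3::portable::incremental::Shake256Xof}

Wraps `input` in a one-element slice array and absorbs it into `self`.
*/
static inline void libcrux_sha3_portable_incremental_absorb_42(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice input) {
  Eurydice_slice buf[1U] = {input};
  libcrux_sha3_generic_keccak_xof_absorb_35_c6(self, buf);
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_final_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136
- DELIMITER= 31

Absorbs `inputs` like absorb_35, then passes the staged tail (buf_len bytes of
self->buf) to the load_last helper and runs the permutation once. Padding and
the delimiter are presumably applied inside load_last, which is not visible
here.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_final_35_9e(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  libcrux_sha3_generic_keccak_xof_absorb_35_c6(self, inputs);
  Eurydice_slice borrowed[1U];
  /*
   * NOTE(review): the slice of the loop-local `buf` stored here is replaced
   * by the next loop before any read, so it is never used after `buf` goes
   * out of scope. Generator artefact; kept as emitted.
   */
  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
    uint8_t buf[136U] = {0U};
    borrowed[i] = core_array___Array_T__N___as_slice((size_t)136U, buf, uint8_t,
                                                     Eurydice_slice);
  }
  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
    size_t i0 = i;
    borrowed[i0] =
        Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t);
  }
  libcrux_sha3_simd_portable_load_last_a1_ad0(&self->inner, borrowed,
                                              (size_t)0U, self->buf_len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
}

/**
 Shake256 absorb final
*/
/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize>
for libcrux_sha3::portable::incremental::Shake256Xof}
*/
static inline void libcrux_sha3_portable_incremental_absorb_final_42(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice input) {
  Eurydice_slice buf[1U] = {input};
  libcrux_sha3_generic_keccak_xof_absorb_final_35_9e(self, buf);
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.zero_block_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Fills the caller's 136-byte array with zeros.
*/
static inline void libcrux_sha3_generic_keccak_xof_zero_block_35_c6(
    uint8_t ret[136U]) {
  memset(ret, 0U, 136U * sizeof(uint8_t));
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.new_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Returns a fresh XOF state by value: new inner state, zeroed staging buffer,
buf_len = 0, sponge = false. Every field is assigned before the return.
*/
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_e2
libcrux_sha3_generic_keccak_xof_new_35_c6(void) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 lit;
  lit.inner = libcrux_sha3_generic_keccak_new_80_04();
  uint8_t repeat_expression[1U][136U];
  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
    libcrux_sha3_generic_keccak_xof_zero_block_35_c6(repeat_expression[i]);
  }
  memcpy(lit.buf, repeat_expression, (size_t)1U * sizeof(uint8_t[136U]));
  lit.buf_len = (size_t)0U;
  lit.sponge = false;
  return lit;
}

/**
 Shake256 new state
*/
/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize>
for libcrux_sha3::portable::incremental::Shake256Xof}
*/
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_e2
libcrux_sha3_portable_incremental_new_42(void) {
  return libcrux_sha3_generic_keccak_xof_new_35_c6();
}

/**
 Squeeze `N` x `LEN` bytes.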
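Only `N = 1` for now.
*/
/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, 1usize,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.squeeze_85
with types uint64_t
with const generics
- RATE= 136

Writes Eurydice_slice_len(out) bytes of output into `out`. An empty `out`
leaves the `sponge` flag unchanged. If an earlier call already produced
output (`sponge` is true), the permutation runs once before anything is
written.

NOTE(review): the two length paths differ. For out_len <= 136 the bytes are
copied from the current state with no further permutation. For out_len > 136
the loop runs the permutation before copying block 0 as well, so the first
136 bytes of a long request come from a later state than a short request
would read. Confirm against upstream and SHAKE-256 test vectors that callers
never depend on a multi-block squeeze.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_squeeze_85_c7(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice out) {
  if (self->sponge) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  if (out_len > (size_t)0U) {
    if (out_len <= (size_t)136U) {
      libcrux_sha3_simd_portable_squeeze_13_5b(&self->inner, out, (size_t)0U,
                                               out_len);
    } else {
      size_t blocks = out_len / (size_t)136U;
      for (size_t i = (size_t)0U; i < blocks; i++) {
        size_t i0 = i;
        libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
        libcrux_sha3_simd_portable_squeeze_13_5b(
            &self->inner, out, i0 * (size_t)136U, (size_t)136U);
      }
      /* Trailing partial block, if the length is not a multiple of 136. */
      size_t remaining = out_len % (size_t)136U;
      if (remaining > (size_t)0U) {
        libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
        libcrux_sha3_simd_portable_squeeze_13_5b(
            &self->inner, out, blocks * (size_t)136U, remaining);
      }
    }
    self->sponge = true;
  }
}

/**
 Shake256 squeeze
*/
/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize>
for libcrux_sha3::portable::incremental::Shake256Xof}
*/
static inline void libcrux_sha3_portable_incremental_squeeze_42(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice out) {
  libcrux_sha3_generic_keccak_xof_squeeze_85_c7(self, out);
}

/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.KeccakXofState
with types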
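uint64_t
with const generics
- $1size_t
- $168size_t
*/
typedef struct libcrux_sha3_generic_keccak_xof_KeccakXofState_97_s {
  /* State handed to the load / permutation / squeeze helpers. */
  libcrux_sha3_generic_keccak_KeccakState_17 inner;
  /* Staging area for input that does not yet fill a 168-byte block. */
  uint8_t buf[1U][168U];
  /* Number of bytes currently staged in buf[0]. */
  size_t buf_len;
  /* false after new_35_c60(); set by squeeze_85_13() after a non-empty squeeze. */
  bool sponge;
} libcrux_sha3_generic_keccak_xof_KeccakXofState_97;

typedef libcrux_sha3_generic_keccak_xof_KeccakXofState_97
    libcrux_sha3_portable_incremental_Shake128Xof;

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.fill_buffer_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 168

Tops up a partially filled staging buffer to one full block. When the buffer
is non-empty and buffer + input reach 168 bytes, the first `168 - buf_len`
input bytes are copied behind the staged bytes and buf_len becomes 168.
Returns the number of input bytes consumed; 0 when the buffer was empty or the
block cannot be completed yet.
*/
static inline size_t libcrux_sha3_generic_keccak_xof_fill_buffer_35_c60(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
  size_t consumed = (size_t)0U;
  if (self->buf_len > (size_t)0U) {
    if (self->buf_len + input_len >= (size_t)168U) {
      /* Assumes buf_len <= 168 on entry; nothing here re-checks it. */
      consumed = (size_t)168U - self->buf_len;
      for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
        size_t i0 = i;
        Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
            (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t,
            uint8_t[]);
        Eurydice_slice_copy(
            uu____0,
            Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t,
                                       uint8_t[]),
            uint8_t);
      }
      self->buf_len = self->buf_len + consumed;
    }
  }
  return consumed;
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_full_35
with types uint64_t
with const generics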
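- PARALLEL_LANES= 1
- RATE= 168

Absorbs every complete 168-byte block that is available: first the staged
block if fill_buffer just completed it, then whole blocks read directly from
`inputs`. Returns the number of trailing input bytes that were not absorbed
(always < 168); the caller is expected to stage them.
*/
static inline size_t libcrux_sha3_generic_keccak_xof_absorb_full_35_c60(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  size_t input_consumed =
      libcrux_sha3_generic_keccak_xof_fill_buffer_35_c60(self, inputs);
  if (input_consumed > (size_t)0U) {
    Eurydice_slice borrowed[1U];
    /*
     * NOTE(review): the slice of the loop-local `buf` stored here is replaced
     * by the next loop before any read, so it is never used after `buf` goes
     * out of scope. Generator artefact; kept as emitted.
     */
    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
      uint8_t buf[168U] = {0U};
      borrowed[i] = core_array___Array_T__N___as_slice((size_t)168U, buf,
                                                       uint8_t, Eurydice_slice);
    }
    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
      size_t i0 = i;
      borrowed[i0] =
          Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t);
    }
    libcrux_sha3_simd_portable_load_block_a1_3a(&self->inner, borrowed,
                                                (size_t)0U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
    /* The staged block has been absorbed; the buffer is empty again. */
    self->buf_len = (size_t)0U;
  }
  size_t input_to_consume =
      Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
  size_t num_blocks = input_to_consume / (size_t)168U;
  size_t remainder = input_to_consume % (size_t)168U;
  for (size_t i = (size_t)0U; i < num_blocks; i++) {
    size_t i0 = i;
    libcrux_sha3_simd_portable_load_block_a1_3a(
        &self->inner, inputs, input_consumed + i0 * (size_t)168U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  return remainder;
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 168

Absorbs all complete blocks, then appends the unabsorbed tail of the input to
the staging buffer at offset buf_len. The copy has no bound check of its own;
it stays inside the 168-byte buffer as long as buf_len < 168 on entry (see the
remainder arithmetic in absorb_full_35_c60).
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_35_c60(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  size_t input_remainder_len =
      libcrux_sha3_generic_keccak_xof_absorb_full_35_c60(self, inputs);
  if (input_remainder_len > (size_t)0U) {
    size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
      size_t i0 = i;
      Eurydice_slice_copy(Eurydice_array_to_subslice3(
                              self->buf[i0], self->buf_len,
                              self->buf_len + input_remainder_len, uint8_t *),
                          Eurydice_slice_subslice_from(
                              inputs[i0], input_len - input_remainder_len,
                              uint8_t, size_t, uint8_t[]),
                          uint8_t);
    }
    self->buf_len = self->buf_len + input_remainder_len;
  }
}

/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
for libcrux_sha3::portable::incremental::Shake128Xof}

Wraps `input` in a one-element slice array and absorbs it into `self`.
*/
static inline void libcrux_sha3_portable_incremental_absorb_26(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice input) {
  Eurydice_slice buf[1U] = {input};
  libcrux_sha3_generic_keccak_xof_absorb_35_c60(self, buf);
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_final_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 168
- DELIMITER= 31

Absorbs `inputs` like absorb_35, then passes the staged tail (buf_len bytes of
self->buf) to the load_last helper and runs the permutation once.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_final_35_9e0(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  libcrux_sha3_generic_keccak_xof_absorb_35_c60(self, inputs);
  Eurydice_slice borrowed[1U];
  /* Same generator artefact as in absorb_full_35_c60: overwritten below. */
  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
    uint8_t buf[168U] = {0U};
    borrowed[i] = core_array___Array_T__N___as_slice((size_t)168U, buf, uint8_t,
                                                     Eurydice_slice);
  }
  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
    size_t i0 = i;
    borrowed[i0] =
        Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t);
  }
  libcrux_sha3_simd_portable_load_last_a1_c6(&self->inner, borrowed, (size_t)0U,
                                             self->buf_len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
}

/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
for libcrux_sha3::portable::incremental::Shake128Xof}
*/
static inline void libcrux_sha3_portable_incremental_absorb_final_26(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice input) {
  Eurydice_slice buf[1U] = {input};
  libcrux_sha3_generic_keccak_xof_absorb_final_35_9e0(self, buf);
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.zero_block_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 168

Fills the caller's 168-byte array with zeros.
*/
static inline void libcrux_sha3_generic_keccak_xof_zero_block_35_c60(
    uint8_t ret[168U]) {
  memset(ret, 0U, 168U * sizeof(uint8_t));
}

/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.new_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 168

Returns a fresh XOF state by value: new inner state, zeroed staging buffer,
buf_len = 0, sponge = false. Every field is assigned before the return.
*/
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_97
libcrux_sha3_generic_keccak_xof_new_35_c60(void) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_97 lit;
  lit.inner = libcrux_sha3_generic_keccak_new_80_04();
  uint8_t repeat_expression[1U][168U];
  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
    libcrux_sha3_generic_keccak_xof_zero_block_35_c60(repeat_expression[i]);
  }
  memcpy(lit.buf, repeat_expression, (size_t)1U * sizeof(uint8_t[168U]));
  lit.buf_len = (size_t)0U;
  lit.sponge = false;
  return lit;
}

/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
for libcrux_sha3::portable::incremental::Shake128Xof}
*/
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_97
libcrux_sha3_portable_incremental_new_26(void) {
  return libcrux_sha3_generic_keccak_xof_new_35_c60();
}

/**
 Squeeze `N` x `LEN` bytes. Only `N = 1` for now.
*/
/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, 1usize,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.squeeze_85
with types uint64_t
with const generics
- RATE= 168

Writes Eurydice_slice_len(out) bytes of output into `out`. An empty `out`
leaves the `sponge` flag unchanged. If an earlier call already produced
output, the permutation runs once before anything is written.

NOTE(review): for out_len <= 168 the bytes are copied from the current state,
but for out_len > 168 the loop runs the permutation before copying block 0 as
well, so a long request starts one permutation later than a short one.
Confirm against upstream and SHAKE-128 test vectors that callers never depend
on a multi-block squeeze.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_squeeze_85_13(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice out) {
  if (self->sponge) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  if (out_len > (size_t)0U) {
    if (out_len <= (size_t)168U) {
      libcrux_sha3_simd_portable_squeeze_13_3a(&self->inner, out, (size_t)0U,
                                               out_len);
    } else {
      size_t blocks = out_len / (size_t)168U;
      for (size_t i = (size_t)0U; i < blocks; i++) {
        size_t i0 = i;
        libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
        libcrux_sha3_simd_portable_squeeze_13_3a(
            &self->inner, out, i0 * (size_t)168U, (size_t)168U);
      }
      size_t remaining = out_len % (size_t)168U;
      if (remaining > (size_t)0U) {
        libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
        libcrux_sha3_simd_portable_squeeze_13_3a(
            &self->inner, out, blocks * (size_t)168U, remaining);
      }
    }
    self->sponge = true;
  }
}

/**
 Shake128 squeeze
*/
/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
for libcrux_sha3::portable::incremental::Shake128Xof}
*/
static inline void libcrux_sha3_portable_incremental_squeeze_26(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice out) {
  libcrux_sha3_generic_keccak_xof_squeeze_85_13(self, out);
}

/**
This function found in impl {core::clone::Clone for
libcrux_sha3::portable::KeccakState}

Returns a by-value copy of `*self`. The copy holds whatever was absorbed so
far, so it needs the same handling as the original if that input was secret.
*/
static inline libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_portable_clone_fe(
    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
  return self[0U];
}

/**
This function found in impl {core::convert::From<libcrux_sha3::Algorithm> for
u32}

Maps Sha224/Sha256/Sha384/Sha512 to 1/2/3/4. Any other value reaches the
`default` arm, where KRML_HOST_EXIT is invoked; this file's preamble defines
it as fatal_f("internal error") and KRML_HOST_EPRINTF as empty, so nothing is
printed. If fatal_f ever returned, control would fall through to `return 1U`.
*/
static inline uint32_t libcrux_sha3_from_6c(libcrux_sha3_Algorithm v) {
  switch (v) {
    case libcrux_sha3_Algorithm_Sha224: {
      break;
    }
    case libcrux_sha3_Algorithm_Sha256: {
      return 2U;
    }
    case libcrux_sha3_Algorithm_Sha384: {
      return 3U;
    }
    case libcrux_sha3_Algorithm_Sha512: {
      return 4U;
    }
    default: {
      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
                        __LINE__);
      KRML_HOST_EXIT(253U);
    }
  }
  return 1U;
}

/**
This function found in impl {core::convert::From<u32> for
libcrux_sha3::Algorithm}

Inverse of libcrux_sha3_from_6c: 1/2/3/4 map to Sha224/Sha256/Sha384/Sha512.
Any other integer reaches KRML_HOST_EXIT in the `default` arm. If that call
ever returned, the function would fall through and report Sha224.
*/
static inline libcrux_sha3_Algorithm libcrux_sha3_from_29(uint32_t v) {
  switch (v) {
    case 1U: {
      break;
    }
    case 2U: {
      return libcrux_sha3_Algorithm_Sha256;
    }
    case 3U: {
      return libcrux_sha3_Algorithm_Sha384;
    }
    case 4U: {
      return libcrux_sha3_Algorithm_Sha512;
    }
    default: {
      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                        "panic!");
      KRML_HOST_EXIT(255U);
    }
  }
  return libcrux_sha3_Algorithm_Sha224;
}

#if defined(__cplusplus)
}
#endif

#define libcrux_sha3_portable_H_DEFINED
#endif /* libcrux_sha3_portable_H */

/* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem768_portable.h */
/*
 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info (at) cryspen.com>
 *
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
 */

#ifndef libcrux_mlkem768_portable_H
#define libcrux_mlkem768_portable_H


#if defined(__cplusplus)
extern "C" {
#endif


/*
 * Hashes `input` with libcrux_sha3_portable_sha512 and copies the 64-byte
 * digest into `ret`.
 * NOTE(review): `digest` is a second stack copy of the output and is not
 * cleared before returning. If callers hash secret material here, check
 * whether the project expects such temporaries to be wiped.
 */
static inline void libcrux_ml_kem_hash_functions_portable_G(
    Eurydice_slice input, uint8_t ret[64U]) {
  uint8_t digest[64U] = {0U};
  libcrux_sha3_portable_sha512(
      Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input);
  memcpy(ret, digest, (size_t)64U * sizeof(uint8_t));
}

/*
 * Hashes `input` with libcrux_sha3_portable_sha256 and copies the 32-byte
 * digest into `ret`. The same remark about the uncleared `digest` temporary
 * applies.
 */
static inline void libcrux_ml_kem_hash_functions_portable_H(
    Eurydice_slice input, uint8_t ret[32U]) {
  uint8_t digest[32U] = {0U};
  libcrux_sha3_portable_sha256(
      Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
  memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
}

/* 128 constants read through libcrux_ml_kem_polynomial_zeta(). */
static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] =
    {(int16_t)-1044, (int16_t)-758,  (int16_t)-359,  (int16_t)-1517,
     (int16_t)1493,  (int16_t)1422,  (int16_t)287,   (int16_t)202,
     (int16_t)-171,  (int16_t)622,   (int16_t)1577,  (int16_t)182,
     (int16_t)962,   (int16_t)-1202, (int16_t)-1474, (int16_t)1468,
     (int16_t)573,   (int16_t)-1325, (int16_t)264,   (int16_t)383,
     (int16_t)-829,  (int16_t)1458,  (int16_t)-1602, (int16_t)-130,
     (int16_t)-681,  (int16_t)1017,  (int16_t)732,   (int16_t)608,
     (int16_t)-1542, (int16_t)411,   (int16_t)-205,  (int16_t)-1571,
     (int16_t)1223,  (int16_t)652,   (int16_t)-552,  (int16_t)1015,
     (int16_t)-1293, (int16_t)1491,  (int16_t)-282,  (int16_t)-1544,
     (int16_t)516,   (int16_t)-8,    (int16_t)-320,  (int16_t)-666,
     (int16_t)-1618, (int16_t)-1162, (int16_t)126,   (int16_t)1469,
     (int16_t)-853,  (int16_t)-90,   (int16_t)-271,  (int16_t)830,
     (int16_t)107,   (int16_t)-1421, (int16_t)-247,  (int16_t)-951,
     (int16_t)-398,  (int16_t)961,   (int16_t)-1508, (int16_t)-725,
     (int16_t)448,   (int16_t)-1065, (int16_t)677,   (int16_t)-1275,
     (int16_t)-1103, (int16_t)430,   (int16_t)555,   (int16_t)843,
     (int16_t)-1251, (int16_t)871,   (int16_t)1550,  (int16_t)105,
     (int16_t)422,   (int16_t)587,   (int16_t)177,   (int16_t)-235,
     (int16_t)-291,  (int16_t)-460,  (int16_t)1574,  (int16_t)1653,
     (int16_t)-246,  (int16_t)778,   (int16_t)1159,  (int16_t)-147,
     (int16_t)-777,  (int16_t)1483,  (int16_t)-602,  (int16_t)1119,
     (int16_t)-1590, (int16_t)644,   (int16_t)-872,  (int16_t)349,
     (int16_t)418,   (int16_t)329,   (int16_t)-156,  (int16_t)-75,
     (int16_t)817,   (int16_t)1097,  (int16_t)603,   (int16_t)610,
     (int16_t)1322,  (int16_t)-1285, (int16_t)-1465, (int16_t)384,
     (int16_t)-1215, (int16_t)-136,  (int16_t)1218,  (int16_t)-1335,
     (int16_t)-874,  (int16_t)220,   (int16_t)-1187, (int16_t)-1659,
     (int16_t)-1185, (int16_t)-1530, (int16_t)-1278, (int16_t)794,
     (int16_t)-1510, (int16_t)-854,  (int16_t)-870,  (int16_t)478,
     (int16_t)-108,  (int16_t)-308,  (int16_t)996,   (int16_t)991,
     (int16_t)958,   (int16_t)-1460, (int16_t)1522,  (int16_t)1628};

/*
 * Returns table entry `i`. There is no bounds check: callers must keep
 * i < 128, otherwise this reads past the end of the table.
 */
static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_zeta(size_t i) {
  return libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[i];
}

#define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT ((size_t)16U)

#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U)

#define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \
  ((int16_t)1353)

#define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329)

#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
  (62209U)

/* Sixteen int16_t coefficients, passed around by value. */
typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s {
  int16_t elements[16U];
} libcrux_ml_kem_vector_portable_vector_type_PortableVector;

/*
 * Builds a vector from the first 16 int16_t of `array`. A failed
 * slice-to-array conversion is handled inside unwrap_26_00, which is not
 * visible here; presumably it aborts when `array` is shorter than 16
 * elements -- TODO confirm.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
    Eurydice_slice array) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
  int16_t ret[16U];
  Result_0a dst;
  Eurydice_slice_to_array2(
      &dst, Eurydice_slice_subslice3(array, (size_t)0U, (size_t)16U, int16_t *),
      Eurydice_slice, int16_t[16U], TryFromSliceError);
  unwrap_26_00(dst, ret);
  memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t));
  return lit;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_from_i16_array_b8(Eurydice_slice array) {
  return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
      libcrux_secrets_int_classify_public_classify_ref_9b_39(array));
}

typedef struct int16_t_x8_s {
  int16_t fst;
  int16_t snd;
  int16_t thd;
  int16_t f3;
  int16_t f4;
  int16_t f5;
  int16_t f6;
  int16_t f7;
} int16_t_x8;

/* Returns a vector built from an all-zero 16-element array. */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_zero(void) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
  int16_t ret[16U];
  int16_t buf[16U] = {0U};
  libcrux_secrets_int_public_integers_classify_27_46(buf, ret);
  memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t));
  return lit;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ZERO_b8(void) {
  return libcrux_ml_kem_vector_portable_vector_type_zero();
}

/*
 * Element-wise lhs + rhs over all 16 lanes, returned by value. There is no
 * modular reduction and no range check: each sum is narrowed back to
 * int16_t, so callers must keep the operands small enough to fit.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_add(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
    size_t i0 = i;
    size_t uu____0 = i0;
    lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0];
  }
  return lhs;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_add_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs);
}

/*
 * Element-wise lhs - rhs over all 16 lanes, returned by value. Same caveat
 * as the addition: no reduction, result narrowed back to int16_t.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_sub(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
    size_t i0 = i;
    size_t uu____0 = i0;
    lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0];
  }
  return lhs;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_sub_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs);
}

/*
 * Multiplies every lane by `c`. The product is formed after integer
 * promotion and narrowed back to int16_t without reduction; keeping it in
 * range is the caller's job.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
    size_t i0 = i;
    size_t uu____0 = i0;
    vec.elements[uu____0] = vec.elements[uu____0] * c;
  }
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_multiply_by_constant_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c);
}

/**
 Note: This function is not secret independent
 Only use with public values.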
5666 */ 5667 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector 5668 libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( 5669 libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { 5670 for (size_t i = (size_t)0U; 5671 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 5672 size_t i0 = i; 5673 if (libcrux_secrets_int_public_integers_declassify_d8_39( 5674 vec.elements[i0]) >= (int16_t)3329) { 5675 size_t uu____0 = i0; 5676 vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; 5677 } 5678 } 5679 return vec; 5680 } 5681 5682 /** 5683 This function found in impl {libcrux_ml_kem::vector::traits::Operations for 5684 libcrux_ml_kem::vector::portable::vector_type::PortableVector} 5685 */ 5686 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector 5687 libcrux_ml_kem_vector_portable_cond_subtract_3329_b8( 5688 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { 5689 return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); 5690 } 5691 5692 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ 5693 ((int32_t)20159) 5694 5695 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT ((int32_t)26) 5696 5697 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R \ 5698 ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT) 5699 5700 /** 5701 Signed Barrett Reduction 5702 5703 Given an input `value`, `barrett_reduce` outputs a representative `result` 5704 such that: 5705 5706 - result value (mod FIELD_MODULUS) 5707 - the absolute value of `result` is bound as follows: 5708 5709 `|result| FIELD_MODULUS / 2 (|value|/BARRETT_R + 1) 5710 5711 Note: The input bound is 28296 to prevent overflow in the multiplication of 5712 quotient by FIELD_MODULUS 5713 5714 */ 5715 static inline int16_t 5716 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( 5717 int16_t value) { 5718 int32_t t = libcrux_secrets_int_as_i32_f5(value) * 5719 
LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER +
              (LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R >> 1U);
  int16_t quotient = libcrux_secrets_int_as_i16_36(
      t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT);
  return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
}

/**
Apply libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element to
every lane of `vec` and return the reduced copy.

The loop bound is the fixed lane count, and the per-lane helper is called
unconditionally for every lane.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
  size_t lane = (size_t)0U;
  while (lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) {
    vec.elements[lane] =
        libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
            vec.elements[lane]);
    lane++;
  }
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_barrett_reduce_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector reduced =
      libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(vector);
  return reduced;
}

/* Montgomery radix exponent: MONTGOMERY_R is 2^16. */
#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U)

/**
Signed Montgomery Reduction

Given an input `value`, `montgomery_reduce` outputs a representative `o`
such that:

- o == value * MONTGOMERY_R^(-1) (mod FIELD_MODULUS)
- the absolute value of `o` is bound as follows:

`|result| <= ceil(|value| / MONTGOMERY_R) + 1665`

In particular, if `|value| <= FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <=
FIELD_MODULUS-1`. And, if `|value| <= pow2 16 * FIELD_MODULUS-1`, then `|o| <=
FIELD_MODULUS + 1664`

(`==` above denotes congruence.) The body consists of casts, two multiplies,
two shifts and a subtraction; there is no branch and no table lookup on
`value`.
*/
static inline int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
    int32_t value) {
  /* Low 16 bits of the input, reinterpreted as a signed lane. */
  int16_t value_low = libcrux_secrets_int_as_i16_36(value);
  int32_t k =
      libcrux_secrets_int_as_i32_f5(value_low) *
      libcrux_secrets_int_as_i32_b8(
          libcrux_secrets_int_public_integers_classify_27_df(
              LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R));
  /* Only the low 16 bits of k take part in the next product. */
  int16_t k_low = libcrux_secrets_int_as_i16_36(k);
  int32_t k_times_modulus =
      libcrux_secrets_int_as_i32_f5(k_low) *
      libcrux_secrets_int_as_i32_f5(
          libcrux_secrets_int_public_integers_classify_27_39(
              LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS));
  int16_t c = libcrux_secrets_int_as_i16_36(
      k_times_modulus >>
      (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
  int16_t value_high = libcrux_secrets_int_as_i16_36(
      value >>
      (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
  return value_high - c;
}

/**
If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to
`y * MONTGOMERY_R`, this procedure outputs a value that is congruent to
`x * y`, as follows:

   `fe * fer == x * y * MONTGOMERY_R (mod FIELD_MODULUS)`

`montgomery_reduce` takes the value `x * y * MONTGOMERY_R` and outputs a
representative `x * y * MONTGOMERY_R * MONTGOMERY_R^{-1} == x * y (mod
FIELD_MODULUS)`.
*/
static KRML_MUSTINLINE int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
    int16_t fe, int16_t fer) {
  /* Widen both factors first so the product is formed in 32 bits. */
  int32_t wide_fe = libcrux_secrets_int_as_i32_f5(fe);
  int32_t wide_fer = libcrux_secrets_int_as_i32_f5(fer);
  return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
      wide_fe * wide_fer);
}

/**
Montgomery-multiply every lane of `vec` by `c` and return the updated copy.

Each lane goes through
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer with
`c` as the second factor; the loop bound is the fixed lane count.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  size_t lane = (size_t)0U;
  while (lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) {
    vec.elements[lane] =
        libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
            vec.elements[lane], c);
    lane++;
  }
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point. `constant` is passed through the classify helper
before it is used as the Montgomery factor.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vector,
    int16_t constant) {
  int16_t classified =
      libcrux_secrets_int_public_integers_classify_27_39(constant);
  return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
      vector, classified);
}

/**
Bitwise-AND every lane of `vec` with `c` and return the updated copy.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  size_t lane = (size_t)0U;
  while (lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) {
    vec.elements[lane] = vec.elements[lane] & c;
    lane++;
  }
  return vec;
}

/**
A monomorphic
instance of libcrux_ml_kem.vector.portable.arithmetic.shift_right
with const generics
- SHIFT_BY= 15

Each lane is shifted right by 15 bits. NOTE(review): right-shifting a negative
signed value is implementation-defined in C; the caller below uses the result
as a sign mask, which presumes an arithmetic shift - confirm for the target
compiler.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
  size_t lane = (size_t)0U;
  while (lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) {
    vec.elements[lane] = vec.elements[lane] >> (uint32_t)(int32_t)15;
    lane++;
  }
  return vec;
}

/**
Add FIELD_MODULUS to the lanes selected by their shifted-out top bit and
return the result.

Built from a shift, a mask and an add over all lanes; unlike
cond_subtract_3329 there is no comparison or branch on lane values here.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector sign_mask =
      libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(a);
  libcrux_ml_kem_vector_portable_vector_type_PortableVector correction =
      libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
          sign_mask, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
  return libcrux_ml_kem_vector_portable_arithmetic_add(a, &correction);
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_to_unsigned_representative_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector unsigned_repr =
      libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative(a);
  return unsigned_repr;
}

/**
The `compress_*` functions implement the `Compress` function specified in the
NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as:

```plaintext
Compress_d: Z_q -> Z_{2^d}
Compress_d(x) = round((2^d/q) * x)
```

Since `round(x) = floor(x + 1/2)` we have:

```plaintext
Compress_d(x) = floor((2^d/q) * x + 1/2)
              = floor((2^{d+1} * x + q) / 2q)
```

For further information about the function implementations, consult the
`implementation_notes.pdf` document in this directory.

The NIST FIPS 203 standard can be found at
<https://csrc.nist.gov/pubs/fips/203/ipd>.

That link is the initial public draft; the page and expression numbers quoted
above refer to it and may differ in the final publication.

This routine is the d = 1 case. It yields 1 when the intermediate value
derived from `1664 - fe` drops below zero after subtracting 832, and 0
otherwise, using only subtraction, shifts, XOR and a mask - no comparison or
branch on `fe`.
*/
static inline uint8_t
libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
    uint16_t fe) {
  int16_t centered =
      libcrux_secrets_int_public_integers_classify_27_39((int16_t)1664) -
      libcrux_secrets_int_as_i16_ca(fe);
  /* All-ones when `centered` is negative, zero otherwise (arithmetic shift
     assumed). */
  int16_t sign = centered >> 15U;
  int16_t folded = sign ^ centered;
  int16_t folded_minus_bound = folded - (int16_t)832;
  int16_t below_bound = folded_minus_bound >> 15U;
  int16_t bit = below_bound & (int16_t)1;
  return libcrux_secrets_int_as_u8_f5(bit);
}

/**
Compress every lane of `a` to a single bit with
libcrux_ml_kem_vector_portable_compress_compress_message_coefficient and
return the updated copy.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  size_t lane = (size_t)0U;
  while (lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) {
    a.elements[lane] = libcrux_secrets_int_as_i16_59(
        libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
            libcrux_secrets_int_as_u16_f5(a.elements[lane])));
    lane++;
  }
  return a;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_compress_compress_1.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_1_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector compressed =
      libcrux_ml_kem_vector_portable_compress_compress_1(a);
  return compressed;
}

/**
Keep the `n` least significant bits of `value`.

NOTE(review): the mask is built with `1U << n`, which is only defined while
`n` is smaller than the width of unsigned int; the caller visible in this file
passes its `coefficient_bits` argument - confirm that it stays in range.
*/
static KRML_MUSTINLINE uint32_t
libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
uint8_t n, uint32_t value) {
  return value & ((1U << (uint32_t)n) - 1U);
}

/**
Compress one field element `fe` to `coefficient_bits` bits.

The element is shifted left by `coefficient_bits`, offset by 1664, multiplied
by 10321340 and shifted right by 35; the low `coefficient_bits` bits of that
value are returned. 10321340 is 2^35 / 3329 rounded to the nearest integer
(assuming the modulus is 3329), so the multiply-and-shift takes the place of a
division by the modulus and no divide instruction operates on the
coefficient.
*/
static inline int16_t
libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
    uint8_t coefficient_bits, uint16_t fe) {
  uint64_t compressed = libcrux_secrets_int_as_u64_ca(fe)
                        << (uint32_t)coefficient_bits;
  compressed += 1664ULL;
  compressed *= 10321340ULL;
  compressed >>= 35U;
  return libcrux_secrets_int_as_i16_b8(
      libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
          coefficient_bits, libcrux_secrets_int_as_u32_a3(compressed)));
}

/**
Expand one-bit lanes back to field elements: every lane of `a` is negated and
then masked with 1665.

With two's-complement lanes, a lane holding 0 stays 0 and a lane holding 1
becomes 1665; the selection is done with a subtraction and a mask, not a
branch.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector all_zero =
      libcrux_ml_kem_vector_portable_vector_type_zero();
  libcrux_ml_kem_vector_portable_vector_type_PortableVector negated =
      libcrux_ml_kem_vector_portable_arithmetic_sub(all_zero, &a);
  return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
      negated, (int16_t)1665);
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_compress_decompress_1.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_1_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector expanded =
      libcrux_ml_kem_vector_portable_compress_decompress_1(a);
  return expanded;
}

/**
One forward-NTT butterfly on lanes `i` and `j` of `*vec`, updated in place.

With t = montgomery_multiply(vec[j], zeta), lane `j` becomes vec[i] - t and
lane `i` becomes vec[i] + t. `i` and `j` are used as array indices without a
range check, so callers must pass valid lane numbers.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
    int16_t zeta, size_t i, size_t j) {
  int16_t t =
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
          vec->elements[j],
          libcrux_secrets_int_public_integers_classify_27_39(zeta));
  int16_t a_minus_t = vec->elements[i] - t;
  int16_t a_plus_t = vec->elements[i] + t;
  vec->elements[j] = a_minus_t;
  vec->elements[i] = a_plus_t;
}

/**
Forward-NTT step with butterflies at distance 2.

Lanes 0-3 use `zeta0`, lanes 4-7 `zeta1`, lanes 8-11 `zeta2` and lanes 12-15
`zeta3`. All lane indices are compile-time constants.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, 0U, 2U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, 1U, 3U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, 4U, 6U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, 5U, 7U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, 8U, 10U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, 9U, 11U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, 12U, 14U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, 13U, 15U);
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1,
                                                          zeta2, zeta3);
  return stepped;
}

/**
Forward-NTT step with butterflies at distance 4: lanes 0-7 use `zeta0`,
lanes 8-15 use `zeta1`.
*/
static KRML_MUSTINLINE
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1) {
  /* Butterflies pair lane k with lane k + 4; the first four use zeta0, the
     last four zeta1. */
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, 0U, 4U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, 1U, 5U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, 2U, 6U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, 3U, 7U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, 8U, 12U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, 9U, 13U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, 10U, 14U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, 11U, 15U);
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1);
  return stepped;
}

/**
Forward-NTT step with butterflies at distance 8: lane k is paired with lane
k + 8 for k = 0..7, all with the same `zeta`.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta) {
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)0U,
                                              (size_t)8U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)1U,
                                              (size_t)9U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)2U,
                                              (size_t)10U);
libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)3U,
                                              (size_t)11U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)4U,
                                              (size_t)12U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)5U,
                                              (size_t)13U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)6U,
                                              (size_t)14U);
  libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)7U,
                                              (size_t)15U);
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta);
  return stepped;
}

/**
One inverse-NTT butterfly on lanes `i` and `j` of `*vec`, updated in place.

Lane `i` becomes the Barrett-reduced sum vec[j] + vec[i]; lane `j` becomes
the Montgomery product of (vec[j] - vec[i]) and `zeta`. Both inputs are read
before either lane is written. `i` and `j` are used as array indices without
a range check.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
    int16_t zeta, size_t i, size_t j) {
  int16_t lane_i = vec->elements[i];
  int16_t lane_j = vec->elements[j];
  int16_t difference = lane_j - lane_i;
  int16_t sum = lane_j + lane_i;
  int16_t reduced_sum =
      libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(sum);
  int16_t scaled_difference =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
          difference, libcrux_secrets_int_public_integers_classify_27_39(zeta));
  vec->elements[i] = reduced_sum;
  vec->elements[j] = scaled_difference;
}

/**
Inverse-NTT step with butterflies at distance 2.

Lanes 0-3 use `zeta0`, lanes 4-7 `zeta1`, lanes 8-11 `zeta2` and lanes 12-15
`zeta3`.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U,
                                                  (size_t)2U);
libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U,
                                                  (size_t)3U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)4U,
                                                  (size_t)6U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)5U,
                                                  (size_t)7U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)8U,
                                                  (size_t)10U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)9U,
                                                  (size_t)11U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)12U,
                                                  (size_t)14U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)13U,
                                                  (size_t)15U);
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(a, zeta0, zeta1,
                                                              zeta2, zeta3);
  return stepped;
}

/**
Inverse-NTT step with butterflies at distance 4: lanes 0-7 use `zeta0`,
lanes 8-15 use `zeta1`.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1) {
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U,
                                                  (size_t)4U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U,
                                                  (size_t)5U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)2U,
                                                  (size_t)6U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)3U,
                                                  (size_t)7U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)8U,
                                                  (size_t)12U);
libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)9U,
                                                  (size_t)13U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)10U,
                                                  (size_t)14U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)11U,
                                                  (size_t)15U);
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, zeta1);
  return stepped;
}

/**
Inverse-NTT step with butterflies at distance 8: lane k is paired with lane
k + 8 for k = 0..7, all with the same `zeta`.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta) {
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 0U, 8U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 1U, 9U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 2U, 10U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 3U, 11U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 4U, 12U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 5U, 13U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 6U, 14U);
  libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, 7U, 15U);
  return vec;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
  return stepped;
}

/**
Compute the product of two Kyber binomials with respect to the
modulus `X^2 - zeta`.

This function almost implements <strong>Algorithm 11</strong> of the
NIST FIPS 203 standard, which is reproduced below:

```plaintext
Input:  a0, a1, b0, b1 in Z_q.
Input:  gamma in Z_q.
Output: c0, c1 in Z_q.

c0 <- a0*b0 + a1*b1*gamma
c1 <- a0*b1 + a1*b0
return c0, c1
```
We say "almost" because the coefficients output by this function are in
the Montgomery domain (unlike in the specification).

The NIST FIPS 203 standard can be found at
<https://csrc.nist.gov/pubs/fips/203/ipd>.

That link is the initial public draft; algorithm numbering may differ in the
final publication.

Here the pair is lanes 2*i and 2*i + 1 of `a` and `b`, and the two results are
written to the same lanes of `out`. All four inputs are read before `out` is
written. `i` is not range-checked.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
  size_t even = (size_t)2U * i;
  size_t odd = (size_t)2U * i + (size_t)1U;
  /* Widen every input once; all products below are formed in 32 bits. */
  int32_t a_even = libcrux_secrets_int_as_i32_f5(a->elements[even]);
  int32_t b_even = libcrux_secrets_int_as_i32_f5(b->elements[even]);
  int32_t a_odd = libcrux_secrets_int_as_i32_f5(a->elements[odd]);
  int32_t b_odd = libcrux_secrets_int_as_i32_f5(b->elements[odd]);
  /* a1*b1 is reduced before it is multiplied by zeta. */
  int16_t odd_product =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
          a_odd * b_odd);
  int32_t odd_product_zeta = libcrux_secrets_int_as_i32_f5(odd_product) *
                             libcrux_secrets_int_as_i32_f5(zeta);
  int16_t o0 =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
          a_even * b_even + odd_product_zeta);
  int16_t o1 =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
          a_even * b_odd + a_odd * b_even);
  out->elements[even] = o0;
  out->elements[odd] = o1;
}

/**
Multiply two vectors in the NTT domain, two lanes (one binomial) at a time.

Pairs 0/1 use `zeta0` and its negation, pairs 2/3 `zeta1` and its negation,
pairs 4/5 `zeta2` and its negation, pairs 6/7 `zeta3` and its negation. The
result is built in a fresh vector obtained from
libcrux_ml_kem_vector_portable_vector_type_zero; `lhs` and `rhs` are only
read.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  int16_t neg_zeta0 = -zeta0;
  int16_t neg_zeta1 = -zeta1;
  int16_t neg_zeta2 = -zeta2;
  int16_t neg_zeta3 = -zeta3;
  libcrux_ml_kem_vector_portable_vector_type_PortableVector product =
      libcrux_ml_kem_vector_portable_vector_type_zero();
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta0), 0U,
      &product);
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(neg_zeta0),
      1U, &product);
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta1), 2U,
      &product);
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(neg_zeta1),
      3U, &product);
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta2), 4U,
      &product);
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(neg_zeta2),
      5U, &product);
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta3), 6U,
      &product);
  libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
      lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(neg_zeta3),
      7U, &product);
  return product;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_ntt_ntt_multiply.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_multiply_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector product =
      libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1,
                                                      zeta2, zeta3);
  return product;
}

/**
Pack the 16 lanes of `v` into two bytes, one bit per lane: lane k lands in
bit (k mod 8) of byte (k / 8).

Each lane is first narrowed to a byte and then shifted into place, so lanes
are presumably expected to hold 0 or 1 - TODO confirm against callers.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
    uint8_t ret[2U]) {
  uint8_t result0 =
      (((((((uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[0U]) |
            (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[1U]) << 1U) |
           (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[2U]) << 2U) |
          (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[3U]) << 3U) |
         (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[4U]) << 4U) |
        (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[5U]) << 5U) |
       (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[6U]) << 6U) |
      (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[7U]) << 7U;
  uint8_t result1 =
      (((((((uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[8U]) |
(uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[9U]) << 1U) |
           (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[10U]) << 2U) |
          (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[11U]) << 3U) |
         (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[12U]) << 4U) |
        (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[13U]) << 5U) |
       (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[14U]) << 6U) |
      (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[15U]) << 7U;
  ret[0U] = result0;
  ret[1U] = result1;
}

/**
Serialize `a` one bit per lane into `ret` (2 bytes).

The packed bytes are produced in a local buffer and then copied to `ret`
through the declassify helper, i.e. the output is treated as public from this
point on. NOTE(review): callers should only serialize data that is meant to
leave the secret domain - confirm against upstream.
*/
static inline void libcrux_ml_kem_vector_portable_serialize_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[2U]) {
  uint8_t packed[2U];
  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, packed);
  libcrux_secrets_int_public_integers_declassify_d8_d4(packed, ret);
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_serialize_1.
*/
static inline void libcrux_ml_kem_vector_portable_serialize_1_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[2U]) {
  libcrux_ml_kem_vector_portable_serialize_1(a, ret);
}

/**
Unpack two bytes into 16 one-bit lanes: bit b of byte 0 becomes lane b and
bit b of byte 1 becomes lane 8 + b.

Bytes 0 and 1 of `v` are read and no length check is visible in this
function, so the caller must pass a slice of at least 2 bytes.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
  uint32_t byte0 =
      (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *);
  uint32_t byte1 =
      (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *);
  return (
      KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){
          .elements = {libcrux_secrets_int_as_i16_59(byte0 & 1U),
                       libcrux_secrets_int_as_i16_59(byte0 >> 1U & 1U),
                       libcrux_secrets_int_as_i16_59(byte0 >> 2U & 1U),
                       libcrux_secrets_int_as_i16_59(byte0 >> 3U & 1U),
                       libcrux_secrets_int_as_i16_59(byte0 >> 4U & 1U),
                       libcrux_secrets_int_as_i16_59(byte0 >> 5U & 1U),
                       libcrux_secrets_int_as_i16_59(byte0 >> 6U & 1U),
                       libcrux_secrets_int_as_i16_59(byte0 >> 7U & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 >> 1U & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 >> 2U & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 >> 3U & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 >> 4U & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 >> 5U & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 >> 6U & 1U),
                       libcrux_secrets_int_as_i16_59(byte1 >> 7U & 1U)}});
}

/**
Deserialize a one-bit-per-lane encoding from the public byte slice `a`.

The slice is passed through the classify helper before it is unpacked by
libcrux_ml_kem_vector_portable_serialize_deserialize_1.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector unpacked =
      libcrux_ml_kem_vector_portable_serialize_deserialize_1(
          libcrux_secrets_int_classify_public_classify_ref_9b_90(a));
  return unpacked;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point; forwards to
libcrux_ml_kem_vector_portable_deserialize_1.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1_b8(Eurydice_slice a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector unpacked =
      libcrux_ml_kem_vector_portable_deserialize_1(a);
  return unpacked;
}

/* Four bytes returned by value; used below as the result of packing eight
   4-bit lanes. */
typedef struct uint8_t_x4_s {
  uint8_t fst;
  uint8_t snd;
  uint8_t thd;
  uint8_t f3;
} uint8_t_x4;

/**
Pack eight lanes of `v` into four bytes, two lanes per byte: the even lane
supplies the low bits and the odd lane is shifted left by 4.

Lanes 0..7 of `v` are read without a visible length check. Lanes are
presumably expected to fit in 4 bits - TODO confirm against callers.
*/
static KRML_MUSTINLINE uint8_t_x4
libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) {
  uint8_t result0 = (uint32_t)libcrux_secrets_int_as_u8_f5(
                        Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *))
                        << 4U |
                    (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index(
                        v, (size_t)0U, int16_t, int16_t *));
  uint8_t result1 = (uint32_t)libcrux_secrets_int_as_u8_f5(
                        Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *))
                        << 4U |
                    (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index(
                        v, (size_t)2U, int16_t, int16_t *));
  uint8_t result2 = (uint32_t)libcrux_secrets_int_as_u8_f5(
                        Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *))
                        << 4U |
                    (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index(
                        v, (size_t)4U, int16_t, int16_t *));
  uint8_t result3 = (uint32_t)libcrux_secrets_int_as_u8_f5(
                        Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *))
                        << 4U |
                    (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index(
                        v, (size_t)6U, int16_t, int16_t *));
  return (KRML_CLITERAL(uint8_t_x4){
      .fst = result0, .snd = result1, .thd =
result2, .f3 = result3}); 6470 } 6471 6472 static KRML_MUSTINLINE void 6473 libcrux_ml_kem_vector_portable_serialize_serialize_4( 6474 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, 6475 uint8_t ret[8U]) { 6476 uint8_t_x4 result0_3 = 6477 libcrux_ml_kem_vector_portable_serialize_serialize_4_int( 6478 Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)8U, 6479 int16_t *)); 6480 uint8_t_x4 result4_7 = 6481 libcrux_ml_kem_vector_portable_serialize_serialize_4_int( 6482 Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)16U, 6483 int16_t *)); 6484 ret[0U] = result0_3.fst; 6485 ret[1U] = result0_3.snd; 6486 ret[2U] = result0_3.thd; 6487 ret[3U] = result0_3.f3; 6488 ret[4U] = result4_7.fst; 6489 ret[5U] = result4_7.snd; 6490 ret[6U] = result4_7.thd; 6491 ret[7U] = result4_7.f3; 6492 } 6493 6494 static inline void libcrux_ml_kem_vector_portable_serialize_4( 6495 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, 6496 uint8_t ret[8U]) { 6497 uint8_t ret0[8U]; 6498 libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret0); 6499 libcrux_secrets_int_public_integers_declassify_d8_76(ret0, ret); 6500 } 6501 6502 /** 6503 This function found in impl {libcrux_ml_kem::vector::traits::Operations for 6504 libcrux_ml_kem::vector::portable::vector_type::PortableVector} 6505 */ 6506 static inline void libcrux_ml_kem_vector_portable_serialize_4_b8( 6507 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, 6508 uint8_t ret[8U]) { 6509 libcrux_ml_kem_vector_portable_serialize_4(a, ret); 6510 } 6511 6512 static KRML_MUSTINLINE int16_t_x8 6513 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( 6514 Eurydice_slice bytes) { 6515 int16_t v0 = libcrux_secrets_int_as_i16_59( 6516 (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & 6517 15U); 6518 int16_t v1 = libcrux_secrets_int_as_i16_59( 6519 (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) >> 6520 4U & 6521 15U); 6522 int16_t v2 = 
libcrux_secrets_int_as_i16_59( 6523 (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & 6524 15U); 6525 int16_t v3 = libcrux_secrets_int_as_i16_59( 6526 (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> 6527 4U & 6528 15U); 6529 int16_t v4 = libcrux_secrets_int_as_i16_59( 6530 (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & 6531 15U); 6532 int16_t v5 = libcrux_secrets_int_as_i16_59( 6533 (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> 6534 4U & 6535 15U); 6536 int16_t v6 = libcrux_secrets_int_as_i16_59( 6537 (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & 6538 15U); 6539 int16_t v7 = libcrux_secrets_int_as_i16_59( 6540 (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> 6541 4U & 6542 15U); 6543 return (KRML_CLITERAL(int16_t_x8){.fst = v0, 6544 .snd = v1, 6545 .thd = v2, 6546 .f3 = v3, 6547 .f4 = v4, 6548 .f5 = v5, 6549 .f6 = v6, 6550 .f7 = v7}); 6551 } 6552 6553 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector 6554 libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { 6555 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( 6556 Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)4U, uint8_t *)); 6557 int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( 6558 Eurydice_slice_subslice3(bytes, (size_t)4U, (size_t)8U, uint8_t *)); 6559 return ( 6560 KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ 6561 .elements = {v0_7.fst, v0_7.snd, v0_7.thd, v0_7.f3, v0_7.f4, v0_7.f5, 6562 v0_7.f6, v0_7.f7, v8_15.fst, v8_15.snd, v8_15.thd, 6563 v8_15.f3, v8_15.f4, v8_15.f5, v8_15.f6, v8_15.f7}}); 6564 } 6565 6566 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector 6567 libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) { 6568 return 
libcrux_ml_kem_vector_portable_serialize_deserialize_4( 6569 libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); 6570 } 6571 6572 /** 6573 This function found in impl {libcrux_ml_kem::vector::traits::Operations for 6574 libcrux_ml_kem::vector::portable::vector_type::PortableVector} 6575 */ 6576 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector 6577 libcrux_ml_kem_vector_portable_deserialize_4_b8(Eurydice_slice a) { 6578 return libcrux_ml_kem_vector_portable_deserialize_4(a); 6579 } 6580 6581 typedef struct uint8_t_x5_s { 6582 uint8_t fst; 6583 uint8_t snd; 6584 uint8_t thd; 6585 uint8_t f3; 6586 uint8_t f4; 6587 } uint8_t_x5; 6588 6589 static KRML_MUSTINLINE uint8_t_x5 6590 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { 6591 uint8_t r0 = libcrux_secrets_int_as_u8_f5( 6592 Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & (int16_t)255); 6593 uint8_t r1 = 6594 (uint32_t)libcrux_secrets_int_as_u8_f5( 6595 Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & (int16_t)63) 6596 << 2U | 6597 (uint32_t)libcrux_secrets_int_as_u8_f5( 6598 Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U & 6599 (int16_t)3); 6600 uint8_t r2 = 6601 (uint32_t)libcrux_secrets_int_as_u8_f5( 6602 Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) & (int16_t)15) 6603 << 4U | 6604 (uint32_t)libcrux_secrets_int_as_u8_f5( 6605 Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 6U & 6606 (int16_t)15); 6607 uint8_t r3 = 6608 (uint32_t)libcrux_secrets_int_as_u8_f5( 6609 Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) & (int16_t)3) 6610 << 6U | 6611 (uint32_t)libcrux_secrets_int_as_u8_f5( 6612 Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 4U & 6613 (int16_t)63); 6614 uint8_t r4 = libcrux_secrets_int_as_u8_f5( 6615 Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & 6616 (int16_t)255); 6617 return (KRML_CLITERAL(uint8_t_x5){ 6618 .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 
= r4}); 6619 } 6620 6621 static KRML_MUSTINLINE void 6622 libcrux_ml_kem_vector_portable_serialize_serialize_10( 6623 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, 6624 uint8_t ret[20U]) { 6625 uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( 6626 Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)4U, 6627 int16_t *)); 6628 uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( 6629 Eurydice_array_to_subslice3(v.elements, (size_t)4U, (size_t)8U, 6630 int16_t *)); 6631 uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( 6632 Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)12U, 6633 int16_t *)); 6634 uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( 6635 Eurydice_array_to_subslice3(v.elements, (size_t)12U, (size_t)16U, 6636 int16_t *)); 6637 ret[0U] = r0_4.fst; 6638 ret[1U] = r0_4.snd; 6639 ret[2U] = r0_4.thd; 6640 ret[3U] = r0_4.f3; 6641 ret[4U] = r0_4.f4; 6642 ret[5U] = r5_9.fst; 6643 ret[6U] = r5_9.snd; 6644 ret[7U] = r5_9.thd; 6645 ret[8U] = r5_9.f3; 6646 ret[9U] = r5_9.f4; 6647 ret[10U] = r10_14.fst; 6648 ret[11U] = r10_14.snd; 6649 ret[12U] = r10_14.thd; 6650 ret[13U] = r10_14.f3; 6651 ret[14U] = r10_14.f4; 6652 ret[15U] = r15_19.fst; 6653 ret[16U] = r15_19.snd; 6654 ret[17U] = r15_19.thd; 6655 ret[18U] = r15_19.f3; 6656 ret[19U] = r15_19.f4; 6657 } 6658 6659 static inline void libcrux_ml_kem_vector_portable_serialize_10( 6660 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, 6661 uint8_t ret[20U]) { 6662 uint8_t ret0[20U]; 6663 libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret0); 6664 libcrux_secrets_int_public_integers_declassify_d8_57(ret0, ret); 6665 } 6666 6667 /** 6668 This function found in impl {libcrux_ml_kem::vector::traits::Operations for 6669 libcrux_ml_kem::vector::portable::vector_type::PortableVector} 6670 */ 6671 static inline void libcrux_ml_kem_vector_portable_serialize_10_b8( 6672 
libcrux_ml_kem_vector_portable_vector_type_PortableVector a, 6673 uint8_t ret[20U]) { 6674 libcrux_ml_kem_vector_portable_serialize_10(a, ret); 6675 } 6676 6677 static KRML_MUSTINLINE int16_t_x8 6678 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( 6679 Eurydice_slice bytes) { 6680 int16_t r0 = libcrux_secrets_int_as_i16_f5( 6681 (libcrux_secrets_int_as_i16_59( 6682 Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) & 6683 (int16_t)3) 6684 << 8U | 6685 (libcrux_secrets_int_as_i16_59( 6686 Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)) & 6687 (int16_t)255)); 6688 int16_t r1 = libcrux_secrets_int_as_i16_f5( 6689 (libcrux_secrets_int_as_i16_59( 6690 Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) & 6691 (int16_t)15) 6692 << 6U | 6693 libcrux_secrets_int_as_i16_59( 6694 Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) >> 6695 2U); 6696 int16_t r2 = libcrux_secrets_int_as_i16_f5( 6697 (libcrux_secrets_int_as_i16_59( 6698 Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) & 6699 (int16_t)63) 6700 << 4U | 6701 libcrux_secrets_int_as_i16_59( 6702 Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) >> 6703 4U); 6704 int16_t r3 = libcrux_secrets_int_as_i16_f5( 6705 libcrux_secrets_int_as_i16_59( 6706 Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *)) 6707 << 2U | 6708 libcrux_secrets_int_as_i16_59( 6709 Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) >> 6710 6U); 6711 int16_t r4 = libcrux_secrets_int_as_i16_f5( 6712 (libcrux_secrets_int_as_i16_59( 6713 Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) & 6714 (int16_t)3) 6715 << 8U | 6716 (libcrux_secrets_int_as_i16_59( 6717 Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *)) & 6718 (int16_t)255)); 6719 int16_t r5 = libcrux_secrets_int_as_i16_f5( 6720 (libcrux_secrets_int_as_i16_59( 6721 Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) & 6722 (int16_t)15) 6723 << 6U | 6724 
libcrux_secrets_int_as_i16_59( 6725 Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) >> 6726 2U); 6727 int16_t r6 = libcrux_secrets_int_as_i16_f5( 6728 (libcrux_secrets_int_as_i16_59( 6729 Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) & 6730 (int16_t)63) 6731 << 4U | 6732 libcrux_secrets_int_as_i16_59( 6733 Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) >> 6734 4U); 6735 int16_t r7 = libcrux_secrets_int_as_i16_f5( 6736 libcrux_secrets_int_as_i16_59( 6737 Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *)) 6738 << 2U | 6739 libcrux_secrets_int_as_i16_59( 6740 Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) >> 6741 6U); 6742 return (KRML_CLITERAL(int16_t_x8){.fst = r0, 6743 .snd = r1, 6744 .thd = r2, 6745 .f3 = r3, 6746 .f4 = r4, 6747 .f5 = r5, 6748 .f6 = r6, 6749 .f7 = r7}); 6750 } 6751 6752 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector 6753 libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { 6754 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( 6755 Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)10U, uint8_t *)); 6756 int16_t_x8 v8_15 = 6757 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( 6758 Eurydice_slice_subslice3(bytes, (size_t)10U, (size_t)20U, uint8_t *)); 6759 return ( 6760 KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ 6761 .elements = {v0_7.fst, v0_7.snd, v0_7.thd, v0_7.f3, v0_7.f4, v0_7.f5, 6762 v0_7.f6, v0_7.f7, v8_15.fst, v8_15.snd, v8_15.thd, 6763 v8_15.f3, v8_15.f4, v8_15.f5, v8_15.f6, v8_15.f7}}); 6764 } 6765 6766 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector 6767 libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) { 6768 return libcrux_ml_kem_vector_portable_serialize_deserialize_10( 6769 libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); 6770 } 6771 6772 /** 6773 This function found in impl 
{libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
/* Trait-method wrapper: forwards unchanged to ..._portable_deserialize_10(). */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_10_b8(Eurydice_slice a) {
  return libcrux_ml_kem_vector_portable_deserialize_10(a);
}

/* Three bytes returned by value; used by serialize_12_int below. */
typedef struct uint8_t_x3_s {
  uint8_t fst;
  uint8_t snd;
  uint8_t thd;
} uint8_t_x3;

/*
 * Pack two int16_t elements of `v` into three bytes at 12 bits per element:
 *   r0 = v0[7:0]
 *   r1 = (v0 >> 8) | v1[3:0] << 4
 *   r2 = v1[11:4]
 * In r1 the term `v0 >> 8` is not masked before the OR; the result is then
 * narrowed by libcrux_secrets_int_as_u8_f5().
 * NOTE(review): presumably inputs are already reduced to 0..4095 so that
 * `v0 >> 8` fits in 4 bits -- confirm against callers. `v` is indexed at
 * 0..1 with no length check visible at this level.
 */
static KRML_MUSTINLINE uint8_t_x3
libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) {
  uint8_t r0 = libcrux_secrets_int_as_u8_f5(
      Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & (int16_t)255);
  uint8_t r1 = libcrux_secrets_int_as_u8_f5(
      Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U |
      (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & (int16_t)15)
          << 4U);
  uint8_t r2 = libcrux_secrets_int_as_u8_f5(
      Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U &
      (int16_t)255);
  return (KRML_CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2});
}

/*
 * Serialize all 16 elements of `v` at 12 bits each into ret[0..23]:
 * each pair of elements produces three consecutive output bytes.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_12(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
    uint8_t ret[24U]) {
  uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)2U,
                                  int16_t *));
  uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)2U, (size_t)4U,
                                  int16_t *));
  uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)4U, (size_t)6U,
                                  int16_t *));
  uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)6U, (size_t)8U,
                                  int16_t *));
  uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)10U,
                                  int16_t *));
  uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)10U, (size_t)12U,
                                  int16_t *));
  uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)12U, (size_t)14U,
                                  int16_t *));
  uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
      Eurydice_array_to_subslice3(v.elements, (size_t)14U, (size_t)16U,
                                  int16_t *));
  ret[0U] = r0_2.fst;
  ret[1U] = r0_2.snd;
  ret[2U] = r0_2.thd;
  ret[3U] = r3_5.fst;
  ret[4U] = r3_5.snd;
  ret[5U] = r3_5.thd;
  ret[6U] = r6_8.fst;
  ret[7U] = r6_8.snd;
  ret[8U] = r6_8.thd;
  ret[9U] = r9_11.fst;
  ret[10U] = r9_11.snd;
  ret[11U] = r9_11.thd;
  ret[12U] = r12_14.fst;
  ret[13U] = r12_14.snd;
  ret[14U] = r12_14.thd;
  ret[15U] = r15_17.fst;
  ret[16U] = r15_17.snd;
  ret[17U] = r15_17.thd;
  ret[18U] = r18_20.fst;
  ret[19U] = r18_20.snd;
  ret[20U] = r18_20.thd;
  ret[21U] = r21_23.fst;
  ret[22U] = r21_23.snd;
  ret[23U] = r21_23.thd;
}

/*
 * 12-bit serialization entry point: serializes into a local scratch buffer,
 * then passes it through ..._declassify_d8_d2() to fill `ret`.
 *
 * NOTE(review): ret0 is a stack copy of the serialized bytes and is not
 * cleared before return. If this path is also used to encode secret-key
 * polynomials, that leaves key bytes on the stack -- confirm the callers.
 */
static inline void libcrux_ml_kem_vector_portable_serialize_12(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[24U]) {
  uint8_t ret0[24U];
  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret0);
  libcrux_secrets_int_public_integers_declassify_d8_d2(ret0, ret);
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
/* Trait-method wrapper: forwards unchanged to ..._portable_serialize_12(). */
static inline void libcrux_ml_kem_vector_portable_serialize_12_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[24U]) {
  libcrux_ml_kem_vector_portable_serialize_12(a, ret);
}

/* Two int16_t values returned by value; used by deserialize_12_int below. */
typedef struct int16_t_x2_s {
  int16_t fst;
  int16_t snd;
} int16_t_x2;

/*
 * Unpack three bytes into two 12-bit values:
 *   r0 = byte1[3:0] << 8 | byte0
 *   r1 = byte2 << 4 | byte1[7:4]
 * The result is not compared against the field modulus here, so values up
 * to 4095 can be produced.
 * NOTE(review): any range validation of decoded coefficients would have to
 * happen elsewhere -- confirm where. `bytes` is indexed at 0..2 with no
 * length check visible at this level.
 */
static KRML_MUSTINLINE int16_t_x2
libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
    Eurydice_slice bytes) {
  int16_t byte0 = libcrux_secrets_int_as_i16_59(
      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *));
  int16_t byte1 = libcrux_secrets_int_as_i16_59(
      Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
  int16_t byte2 = libcrux_secrets_int_as_i16_59(
      Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *));
  int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255);
  int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15);
  return (KRML_CLITERAL(int16_t_x2){.fst = r0, .snd = r1});
}

/*
 * Deserialize 24 bytes into a 16-element vector at 12 bits per element:
 * each 3-byte group yields two consecutive elements.
 * The caller must supply at least 24 bytes; no check is visible here.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
  int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
      Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)3U, uint8_t *));
  int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
      Eurydice_slice_subslice3(bytes, (size_t)3U, (size_t)6U, uint8_t *));
  int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
      Eurydice_slice_subslice3(bytes, (size_t)6U, (size_t)9U, uint8_t *));
  int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
      Eurydice_slice_subslice3(bytes, (size_t)9U, (size_t)12U, uint8_t *));
  int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
      Eurydice_slice_subslice3(bytes, (size_t)12U, (size_t)15U, uint8_t *));
  int16_t_x2 v10_11 =
      libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
          Eurydice_slice_subslice3(bytes, (size_t)15U, (size_t)18U, uint8_t *));
  int16_t_x2 v12_13 =
      libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
          Eurydice_slice_subslice3(bytes, (size_t)18U, (size_t)21U, uint8_t *));
  int16_t_x2 v14_15 =
      libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
          Eurydice_slice_subslice3(bytes, (size_t)21U, (size_t)24U, uint8_t *));
  return (
      KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){
          .elements = {v0_1.fst, v0_1.snd, v2_3.fst, v2_3.snd, v4_5.fst,
                       v4_5.snd, v6_7.fst, v6_7.snd, v8_9.fst, v8_9.snd,
                       v10_11.fst, v10_11.snd, v12_13.fst, v12_13.snd,
                       v14_15.fst, v14_15.snd}});
}

/* 12-bit deserialization entry point: classifies `a`, then deserializes it. */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(
      libcrux_secrets_int_classify_public_classify_ref_9b_90(a));
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
/* Trait-method wrapper: forwards unchanged to ..._portable_deserialize_12(). */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12_b8(Eurydice_slice a) {
  return libcrux_ml_kem_vector_portable_deserialize_12(a);
}

/*
 * Rejection sampling: read `a` three bytes at a time, form two 12-bit
 * candidates per group, and store each candidate that is below
 * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS into `result`.
 *
 * At most 16 values are stored; once 16 have been written the loop keeps
 * running but stores nothing further. Trailing bytes beyond a multiple of
 * three are ignored. Returns the number of values written.
 *
 * `result` must have room for 16 int16_t; no check is visible here.
 * NOTE(review): the accept/reject branches depend on the input bytes, and no
 * classify helper is applied on this path. In ML-KEM this routine is
 * expected to run on XOF output derived from a public seed -- confirm that
 * no caller passes secret-derived bytes.
 */
static KRML_MUSTINLINE size_t
libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a,
                                                   Eurydice_slice result) {
  size_t sampled = (size_t)0U;
  for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U;
       i++) {
    size_t i0 = i;
    int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U,
                                               uint8_t, uint8_t *);
    int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U,
                                               uint8_t, uint8_t *);
    int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U,
                                               uint8_t, uint8_t *);
    /* d1 = low 12 bits of the group, d2 = high 12 bits. */
    int16_t d1 = (b2 & (int16_t)15) << 8U | b1;
    int16_t d2 = b3 << 4U | b2 >> 4U;
    if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) {
      if (sampled < (size_t)16U) {
        Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1;
        sampled++;
      }
    }
    if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) {
      if (sampled < (size_t)16U) {
        Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d2;
        sampled++;
      }
    }
  }
  return sampled;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
/* Trait-method wrapper: forwards unchanged to ..._sampling_rej_sample(). */
static inline size_t libcrux_ml_kem_vector_portable_rej_sample_b8(
    Eurydice_slice a, Eurydice_slice out) {
  return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out);
}

/*
 * ML-KEM-768 size parameters. All of them are derived from the rank (3), the
 * two compression factors (10 bits for u, 4 bits for v) and constants from
 * LIBCRUX_ML_KEM_CONSTANTS_* that are defined outside this excerpt.
 * The ciphertext is sized as c1 (RANK blocks for u) plus c2 (one block for v).
 */
#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR ((size_t)10U)

#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE                \
  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR / (size_t)8U)

#define LIBCRUX_ML_KEM_MLKEM768_RANK ((size_t)3U)

#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE * LIBCRUX_ML_KEM_MLKEM768_RANK)

#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR ((size_t)4U)

#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE                      \
  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR / (size_t)8U)

#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE)

#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE        \
  (LIBCRUX_ML_KEM_MLKEM768_RANK *                            \
   LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)

/* Encoded t plus a 32-byte trailer. */
#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE + (size_t)32U)

#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE      \
  (LIBCRUX_ML_KEM_MLKEM768_RANK *                            \
   LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)

#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U)

#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U)

#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U)

#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U)

#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \
  (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE +                   \
   LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE)

typedef libcrux_ml_kem_types_MlKemPrivateKey_d9
    libcrux_ml_kem_mlkem768_MlKem768PrivateKey;

typedef libcrux_ml_kem_types_MlKemPublicKey_30
    libcrux_ml_kem_mlkem768_MlKem768PublicKey;

#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT \
  (LIBCRUX_ML_KEM_MLKEM768_RANK *                             \
   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)

/* Full secret key: CPA secret key, CPA public key, a digest and a
   shared-secret-sized value, in the order summed below. */
#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE       \
  (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE + \
   LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE + \
   LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE +          \
   LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)

/**
A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector

*/
/* One ring element stored as 16 PortableVector entries. */
typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
} libcrux_ml_kem_polynomial_PolynomialRingElement_1d;

/**
A monomorphic instance of
libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- $3size_t
*/
/* Unpacked private key: three ring elements. This struct holds secret key
   material, so instances should be treated as sensitive by whoever owns
   them. */
typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0;

/**
This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/*
 * Build a ring element whose 16 coefficient vectors are each the value
 * returned by libcrux_ml_kem_vector_portable_ZERO_b8().
 * The temporary array is filled first and then copied into the result, so
 * every entry of lit.coefficients is initialized before `lit` is returned.
 */
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ZERO_d6_ea(void) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
  libcrux_ml_kem_vector_portable_vector_type_PortableVector
      repeat_expression[16U];
  for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
    repeat_expression[i] = libcrux_ml_kem_vector_portable_ZERO_b8();
  }
  memcpy(lit.coefficients, repeat_expression,
         (size_t)16U *
             sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector));
  return lit;
}

/**
This function found in impl {core::ops::function::FnMut<(usize),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]> for libcrux_ml_kem::ind_cpa::decrypt::closure<Vector, K,
CIPHERTEXT_SIZE, VECTOR_U_ENCODED_SIZE, U_COMPRESSION_FACTOR,
V_COMPRESSION_FACTOR>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt.call_mut_0b
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- VECTOR_U_ENCODED_SIZE= 960
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
/* Closure body extracted from Rust: ignores both arguments and returns a
   zero ring element. */
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(void **_, size_t tupled_args) {
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
/*
 * Decode a ring element from 12-bit-per-coefficient bytes: every full
 * 24-byte chunk of `serialized` becomes one coefficient vector, starting
 * from a zero ring element. A trailing partial chunk is ignored.
 *
 * re.coefficients has 16 entries, so this relies on the caller passing at
 * most 16 * 24 = 384 bytes. No length check is visible here; a longer slice
 * would index past the end of the array.
 * NOTE(review): confirm every caller passes a slice of exactly one encoded
 * ring element.
 */
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea(
    Eurydice_slice serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t i = (size_t)0U;
       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
    size_t i0 = i;
    Eurydice_slice bytes =
        Eurydice_slice_subslice3(serialized, i0 * (size_t)24U,
                                 i0 * (size_t)24U + (size_t)24U, uint8_t *);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
        libcrux_ml_kem_vector_portable_deserialize_12_b8(bytes);
    re.coefficients[i0] = uu____0;
  }
  return re;
}

/**
Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_vector
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
/*
 * Decode three ring elements from `secret_key` into secret_as_ntt[0..2].
 * Element i is read from bytes
 * [i * BYTES_PER_RING_ELEMENT, (i + 1) * BYTES_PER_RING_ELEMENT).
 *
 * `secret_as_ntt` must point to at least three elements and `secret_key`
 * must cover 3 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT bytes;
 * neither is checked here. The decoded polynomials are secret key material.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_vector_1b(
    Eurydice_slice secret_key,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt) {
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    size_t i0 = i;
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea(
            Eurydice_slice_subslice3(
                secret_key,
                i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
                (i0 + (size_t)1U) *
                    LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
                uint8_t *));
    secret_as_ntt[i0] = uu____0;
  }
}

/**
This function found in impl {core::ops::function::FnMut<(usize),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]> for
libcrux_ml_kem::ind_cpa::deserialize_then_decompress_u::closure<Vector, K,
CIPHERTEXT_SIZE, U_COMPRESSION_FACTOR>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.call_mut_35 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- U_COMPRESSION_FACTOR= 10
*/
/* Closure body extracted from Rust: ignores both arguments and returns a
   zero ring element. */
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c(
    void **_, size_t tupled_args) {
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
A monomorphic instance of
libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
const generics
- COEFFICIENT_BITS= 10
*/
/*
 * Decompress each element of `a` from 10 bits back to a field element:
 *   x -> (2 * x * FIELD_MODULUS + 2^10) >> 11
 * i.e. x * FIELD_MODULUS / 2^10 rounded to nearest, computed in int32_t.
 * The same arithmetic runs for every element, with no branch on the value.
 *
 * NOTE(review): the left shift is applied to a signed int32_t, which is only
 * well defined for non-negative operands; presumably inputs come from the
 * 10-bit deserializer and are in 0..1023 -- confirm.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
    size_t i0 = i;
    int32_t decompressed =
        libcrux_secrets_int_as_i32_f5(a.elements[i0]) *
        libcrux_secrets_int_as_i32_f5(
            libcrux_secrets_int_public_integers_classify_27_39(
                LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS));
    decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
    decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
    a.elements[i0] = libcrux_secrets_int_as_i16_36(decompressed);
  }
  return a;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
/**
A monomorphic instance of
libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const
generics
- COEFFICIENT_BITS= 10
*/
/* Trait-method wrapper: forwards unchanged to the compress-module function. */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
      a);
}

/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
/*
 * Decode a ring element from 10-bit-compressed bytes: every full 20-byte
 * chunk of `serialized` is deserialized to a vector and then decompressed,
 * starting from a zero ring element. A trailing partial chunk is ignored.
 *
 * re.coefficients has 16 entries (it is filled by ZERO_d6_ea with 16
 * vectors), so this relies on the caller passing at most 16 * 20 = 320
 * bytes. No length check is visible here; a longer slice would index past
 * the end of the array. This path handles ciphertext bytes, which come from
 * the peer.
 * NOTE(review): confirm the ciphertext length is fixed by the caller's types
 * before this is reached.
 */
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea(
    Eurydice_slice serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t i = (size_t)0U;
       i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
    size_t i0 = i;
    Eurydice_slice bytes =
        Eurydice_slice_subslice3(serialized, i0 * (size_t)20U,
                                 i0 * (size_t)20U + (size_t)20U, uint8_t *);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
        libcrux_ml_kem_vector_portable_deserialize_10_b8(bytes);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef(
            coefficient);
    re.coefficients[i0] = uu____0;
  }
  return re;
}

/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 10
*/
/* For COMPRESSION_FACTOR = 10 this is a direct call to the 10-bit decoder. */
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a(
    Eurydice_slice serialized) {
  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea(serialized);
}

/* Pair of vectors returned by value from the NTT butterfly step below. */
typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector fst;
  libcrux_ml_kem_vector_portable_vector_type_PortableVector snd;
} libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2;

/**
A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/*
 * One NTT butterfly on whole vectors: with t = b * zeta_r (Montgomery
 * multiplication), returns (a + t, a - t) as (.fst, .snd).
 * `b` is overwritten with a - t before `a` is updated, so both results use
 * the original `a`.
 */
static KRML_MUSTINLINE
    libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea(
        libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
        libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
        int16_t zeta_r) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
      libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(b,
                                                                        zeta_r);
  b = libcrux_ml_kem_vector_portable_sub_b8(a, &t);
  a = libcrux_ml_kem_vector_portable_add_b8(a, &t);
  return (KRML_CLITERAL(
      libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){.fst = a,
                                                                    .snd = b});
}

/**
A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/*
 * Apply one NTT layer in place to `re`, for layers whose butterfly distance
 * is a whole number of 16-element vectors.
 *
 * step = 2^layer coefficients; there are 128 >> layer rounds. Each round
 * advances *zeta_i by one, then pairs vector j with vector j + step_vec
 * (step_vec = step / 16) using zeta(*zeta_i).
 *
 * For layer < 4, step_vec is 0 and the inner loop body never runs, so only
 * *zeta_i advances. `_initial_coefficient_bound` is not read.
 * NOTE(review): the name suggests callers pass layer in 4..7 -- confirm.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t layer, size_t _initial_coefficient_bound) {
  size_t step = (size_t)1U << (uint32_t)layer;
  for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
    size_t round = i0;
    zeta_i[0U] = zeta_i[0U] + (size_t)1U;
    size_t offset = round * step * (size_t)2U;
    size_t offset_vec = offset / (size_t)16U;
    size_t step_vec = step / (size_t)16U;
    for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
      size_t j = i;
      libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea(
              re->coefficients[j], re->coefficients[j + step_vec],
              libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
      libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
      libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
      re->coefficients[j] = x;
      re->coefficients[j + step_vec] = y;
    }
  }
}

/**
A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/*
 * Apply NTT layer 3 in place: for each of the 16 vectors, advance *zeta_i by
 * one and run ntt_layer_3_step_b8 on that vector with zeta(*zeta_i).
 * `_initial_coefficient_bound` is not read.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t _initial_coefficient_bound) {
  for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
    size_t round = i;
    zeta_i[0U] = zeta_i[0U] + (size_t)1U;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
        libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8(
            re->coefficients[round],
            libcrux_ml_kem_polynomial_zeta(zeta_i[0U]));
    re->coefficients[round] = uu____0;
  }
}

/**
A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/*
 * Apply NTT layer 2 in place: each of the 16 vectors consumes two
 * consecutive zetas. *zeta_i is advanced once before the step (which reads
 * zeta(*zeta_i) and zeta(*zeta_i + 1)) and once after it, so it moves by two
 * per vector. `_initial_coefficient_bound` is not read.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t _initial_coefficient_bound) {
  for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
    size_t round = i;
    zeta_i[0U] = zeta_i[0U] + (size_t)1U;
    re->coefficients[round] =
        libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8(
            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U));
    zeta_i[0U] = zeta_i[0U] + (size_t)1U;
  }
}

/**
A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t _initial_coefficient_bound) {
  for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
    size_t round = i;
    zeta_i[0U] = zeta_i[0U] + (size_t)1U;
    re->coefficients[round] =
        libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8(
            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]),
            libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U),
7369 libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U), 7370 libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)3U)); 7371 zeta_i[0U] = zeta_i[0U] + (size_t)3U; 7372 } 7373 } 7374 7375 /** 7376 A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce 7377 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 7378 with const generics 7379 7380 */ 7381 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ea( 7382 libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) { 7383 for (size_t i = (size_t)0U; 7384 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 7385 size_t i0 = i; 7386 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 7387 libcrux_ml_kem_vector_portable_barrett_reduce_b8( 7388 myself->coefficients[i0]); 7389 myself->coefficients[i0] = uu____0; 7390 } 7391 } 7392 7393 /** 7394 This function found in impl 7395 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0, 7396 TraitClause@1]} 7397 */ 7398 /** 7399 A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 7400 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 7401 with const generics 7402 7403 */ 7404 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea( 7405 libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) { 7406 libcrux_ml_kem_polynomial_poly_barrett_reduce_ea(self); 7407 } 7408 7409 /** 7410 A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u 7411 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 7412 with const generics 7413 - VECTOR_U_COMPRESSION_FACTOR= 10 7414 */ 7415 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a( 7416 libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { 7417 size_t zeta_i = (size_t)0U; 7418 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)7U, 7419 (size_t)3328U); 7420 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U, 
7421 (size_t)2U * (size_t)3328U); 7422 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U, 7423 (size_t)3U * (size_t)3328U); 7424 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)4U, 7425 (size_t)4U * (size_t)3328U); 7426 libcrux_ml_kem_ntt_ntt_at_layer_3_ea(&zeta_i, re, (size_t)5U * (size_t)3328U); 7427 libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)6U * (size_t)3328U); 7428 libcrux_ml_kem_ntt_ntt_at_layer_1_ea(&zeta_i, re, (size_t)7U * (size_t)3328U); 7429 libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re); 7430 } 7431 7432 /** 7433 Call [`deserialize_then_decompress_ring_element_u`] on each ring element 7434 in the `ciphertext`. 7435 */ 7436 /** 7437 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u 7438 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 7439 with const generics 7440 - K= 3 7441 - CIPHERTEXT_SIZE= 1088 7442 - U_COMPRESSION_FACTOR= 10 7443 */ 7444 static KRML_MUSTINLINE void 7445 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( 7446 uint8_t *ciphertext, 7447 libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { 7448 libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; 7449 for (size_t i = (size_t)0U; i < (size_t)3U; i++) { 7450 /* original Rust expression is not an lvalue in C */ 7451 void *lvalue = (void *)0U; 7452 u_as_ntt[i] = 7453 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c( 7454 &lvalue, i); 7455 } 7456 for (size_t i = (size_t)0U; 7457 i < Eurydice_slice_len( 7458 Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), 7459 uint8_t) / 7460 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 7461 (size_t)10U / (size_t)8U); 7462 i++) { 7463 size_t i0 = i; 7464 Eurydice_slice u_bytes = Eurydice_array_to_subslice3( 7465 ciphertext, 7466 i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 7467 (size_t)10U / (size_t)8U), 7468 i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 
7469 (size_t)10U / (size_t)8U) + 7470 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * 7471 (size_t)10U / (size_t)8U, 7472 uint8_t *); 7473 u_as_ntt[i0] = 7474 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a( 7475 u_bytes); 7476 libcrux_ml_kem_ntt_ntt_vector_u_0a(&u_as_ntt[i0]); 7477 } 7478 memcpy( 7479 ret, u_as_ntt, 7480 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); 7481 } 7482 7483 /** 7484 A monomorphic instance of 7485 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with 7486 const generics 7487 - COEFFICIENT_BITS= 4 7488 */ 7489 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector 7490 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1( 7491 libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { 7492 for (size_t i = (size_t)0U; 7493 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 7494 size_t i0 = i; 7495 int32_t decompressed = 7496 libcrux_secrets_int_as_i32_f5(a.elements[i0]) * 7497 libcrux_secrets_int_as_i32_f5( 7498 libcrux_secrets_int_public_integers_classify_27_39( 7499 LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); 7500 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); 7501 decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); 7502 a.elements[i0] = libcrux_secrets_int_as_i16_36(decompressed); 7503 } 7504 return a; 7505 } 7506 7507 /** 7508 This function found in impl {libcrux_ml_kem::vector::traits::Operations for 7509 libcrux_ml_kem::vector::portable::vector_type::PortableVector} 7510 */ 7511 /** 7512 A monomorphic instance of 7513 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const 7514 generics 7515 - COEFFICIENT_BITS= 4 7516 */ 7517 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector 7518 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1( 7519 
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { 7520 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1( 7521 a); 7522 } 7523 7524 /** 7525 A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 7526 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 7527 with const generics 7528 7529 */ 7530 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d 7531 libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea( 7532 Eurydice_slice serialized) { 7533 libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = 7534 libcrux_ml_kem_polynomial_ZERO_d6_ea(); 7535 for (size_t i = (size_t)0U; 7536 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { 7537 size_t i0 = i; 7538 Eurydice_slice bytes = Eurydice_slice_subslice3( 7539 serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t *); 7540 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = 7541 libcrux_ml_kem_vector_portable_deserialize_4_b8(bytes); 7542 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 7543 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1( 7544 coefficient); 7545 re.coefficients[i0] = uu____0; 7546 } 7547 return re; 7548 } 7549 7550 /** 7551 A monomorphic instance of 7552 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types 7553 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics 7554 - K= 3 7555 - COMPRESSION_FACTOR= 4 7556 */ 7557 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d 7558 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89( 7559 Eurydice_slice serialized) { 7560 return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea(serialized); 7561 } 7562 7563 /** 7564 A monomorphic instance of libcrux_ml_kem.polynomial.ZERO 7565 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 7566 with const 
generics

*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ZERO_ea(void) {
  /* Fill the 16 coefficient vectors one by one with the value returned by
     libcrux_ml_kem_vector_portable_ZERO_b8(), then return the element by
     value. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero;
  for (size_t k = (size_t)0U; k < (size_t)16U; k++) {
    zero.coefficients[k] = libcrux_ml_kem_vector_portable_ZERO_b8();
  }
  return zero;
}

/**
 Given two `KyberPolynomialRingElement`s in their NTT representations,
 compute their product. Given two polynomials in the NTT domain `f^` and `g^`,
 the `i`-th coefficient of the product `k^` is determined by the calculation:

 ```plaintext
 k^[2i] + k^[2i + 1]X = (f^[2i] + f^[2i + 1]X) * (g^[2i] + g^[2i + 1]X)
                        mod (X^2 - zeta^(2*BitRev_7(i) + 1))
 ```

 This function almost implements <strong>Algorithm 10</strong> of the
 NIST FIPS 203 standard, which is reproduced below:

 ```plaintext
 Input: Two arrays f^ and g^.
 Output: An array h^ with coefficients in Z_q.

 for(i <- 0; i < 128; i++)
     (h^[2i], h^[2i+1]) <- BaseCaseMultiply(f^[2i], f^[2i+1], g^[2i], g^[2i+1],
                                            zeta^(2*BitRev_7(i) + 1))
 end for
 return h^
 ```
 We say "almost" because the coefficients of the ring element output by
 this function are in the Montgomery domain.

 NOTE(review): the link below points at the initial public draft (ipd);
 algorithm numbering in the final FIPS 203 may differ - confirm before citing.

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ntt_multiply_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  /* Multiplies *myself by *rhs vector by vector and returns the product by
     value; neither input is written through these pointers here. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
      libcrux_ml_kem_polynomial_ZERO_ea();
  for (size_t v = (size_t)0U;
       v < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; v++) {
    /* Vector v is paired with the four consecutive indices 64 + 4v .. 64 + 4v
       + 3 passed to libcrux_ml_kem_polynomial_zeta(). */
    size_t zeta_base = (size_t)64U + (size_t)4U * v;
    product.coefficients[v] = libcrux_ml_kem_vector_portable_ntt_multiply_b8(
        &myself->coefficients[v], &rhs->coefficients[v],
        libcrux_ml_kem_polynomial_zeta(zeta_base),
        libcrux_ml_kem_polynomial_zeta(zeta_base + (size_t)1U),
        libcrux_ml_kem_polynomial_zeta(zeta_base + (size_t)2U),
        libcrux_ml_kem_polynomial_zeta(zeta_base + (size_t)3U));
  }
  return product;
}

/**
This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  /* Method-form shim: forwards both operands unchanged to
     libcrux_ml_kem_polynomial_ntt_multiply_ea(). */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
      libcrux_ml_kem_polynomial_ntt_multiply_ea(self, rhs);
  return product;
}

/**
 Given two polynomial ring elements `lhs` and
`rhs`, compute the pointwise
 sum of their constituent coefficients.
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  /* Accumulates *rhs into *myself in place. The only arithmetic helper called
     here is add_b8; this function performs no reduction step of its own. */
  size_t vector_count = Eurydice_slice_len(
      Eurydice_array_to_slice(
          (size_t)16U, myself->coefficients,
          libcrux_ml_kem_vector_portable_vector_type_PortableVector),
      libcrux_ml_kem_vector_portable_vector_type_PortableVector);
  for (size_t v = (size_t)0U; v < vector_count; v++) {
    myself->coefficients[v] = libcrux_ml_kem_vector_portable_add_b8(
        myself->coefficients[v], &rhs->coefficients[v]);
  }
}

/**
This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  /* Method-form shim around the free function of the same name. */
  libcrux_ml_kem_polynomial_add_to_ring_element_1b(self, rhs);
}

/**
A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  /* Each of the 16 vectors consumes four zeta indices (z, z-1, z-2, z-3), so
     *zeta_i drops by 4 per iteration and by 64 overall. The arithmetic is on
     size_t and is not range-checked here; the caller must start high enough
     that it cannot wrap. */
  for (size_t round = (size_t)0U; round < (size_t)16U; round++) {
    *zeta_i -= (size_t)1U;
    re->coefficients[round] =
        libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8(
            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(*zeta_i),
            libcrux_ml_kem_polynomial_zeta(*zeta_i - (size_t)1U),
            libcrux_ml_kem_polynomial_zeta(*zeta_i - (size_t)2U),
            libcrux_ml_kem_polynomial_zeta(*zeta_i - (size_t)3U));
    *zeta_i -= (size_t)3U;
  }
}

/**
A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  /* Two zeta indices per vector (z and z-1): *zeta_i drops by 2 per
     iteration, 32 overall. */
  for (size_t round = (size_t)0U; round < (size_t)16U; round++) {
    *zeta_i -= (size_t)1U;
    re->coefficients[round] =
        libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8(
            re->coefficients[round], libcrux_ml_kem_polynomial_zeta(*zeta_i),
            libcrux_ml_kem_polynomial_zeta(*zeta_i - (size_t)1U));
    *zeta_i -= (size_t)1U;
  }
}

/**
A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  /* One zeta index per vector: *zeta_i drops by 1 per iteration, 16 overall. */
  for (size_t round = (size_t)0U; round < (size_t)16U; round++) {
    *zeta_i -= (size_t)1U;
    re->coefficients[round] =
        libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8(
            re->coefficients[round],
            libcrux_ml_kem_polynomial_zeta(*zeta_i));
  }
}

/**
A monomorphic instance of
libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
static KRML_MUSTINLINE
    libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea(
        libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
        libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
        int16_t zeta_r) {
  /* One inverse butterfly on a pair of vectors:
       fst = barrett_reduce(a + b)
       snd = montgomery_multiply(b - a, zeta_r)
     The difference is taken as sub_b8(b, &a), i.e. b - a. */
  libcrux_ml_kem_vector_portable_vector_type_PortableVector b_minus_a =
      libcrux_ml_kem_vector_portable_sub_b8(b, &a);
  libcrux_ml_kem_vector_portable_vector_type_PortableVector sum_reduced =
      libcrux_ml_kem_vector_portable_barrett_reduce_b8(
          libcrux_ml_kem_vector_portable_add_b8(a, &b));
  libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 pair;
  pair.fst = sum_reduced;
  pair.snd = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
      b_minus_a, zeta_r);
  return pair;
}

/**
A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t layer) {
  /* `layer` is used directly as a shift count and to derive indices into
     re->coefficients without any check in this function. The caller visible
     in this file passes 4, 5, 6 and 7 only. */
  size_t step = (size_t)1U << (uint32_t)layer;
  size_t rounds = (size_t)128U >> (uint32_t)layer;
  size_t step_vec =
      step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
  for (size_t round = (size_t)0U; round < rounds; round++) {
    *zeta_i -= (size_t)1U;
    size_t offset_vec = (round * step * (size_t)2U) /
                        LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
    for (size_t lo = offset_vec; lo < offset_vec + step_vec; lo++) {
      /* Butterfly partner sits step_vec vectors further on. */
      size_t hi = lo + step_vec;
      libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 pair =
          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea(
              re->coefficients[lo], re->coefficients[hi],
              libcrux_ml_kem_polynomial_zeta(*zeta_i));
      re->coefficients[lo] = pair.fst;
      re->coefficients[hi] = pair.snd;
    }
  }
}

/**
A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  /* Runs the inverse layers in the order 1, 2, 3, then 4..7, threading one
     shared, downward-counting zeta index through all of them, and finishes
     with a Barrett reduction of every coefficient. */
  size_t zeta_i =
      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea(&zeta_i, re);
  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(&zeta_i, re);
  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea(&zeta_i, re);
  for (size_t layer = (size_t)4U; layer <= (size_t)7U; layer++) {
    libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re,
                                                            layer);
  }
  libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re);
}

/**
A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_subtract_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
  /* Per vector: b := barrett_reduce(myself - montgomery_multiply(b, 1441)).
     `b` is a by-value copy, so the caller's element is untouched and the
     result is the return value.
     NOTE(review): 1441 presumably folds the inverse-NTT scaling together with
     a Montgomery factor, as in the Kyber reference code - confirm upstream. */
  for (size_t v = (size_t)0U;
       v < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; v++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector normal_form =
        libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
            b.coefficients[v], (int16_t)1441);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector diff =
        libcrux_ml_kem_vector_portable_sub_b8(myself->coefficients[v],
                                              &normal_form);
    b.coefficients[v] = libcrux_ml_kem_vector_portable_barrett_reduce_b8(diff);
  }
  return b;
}

/**
This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_subtract_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
  /* Method-form shim around libcrux_ml_kem_polynomial_subtract_reduce_ea(). */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d reduced =
      libcrux_ml_kem_polynomial_subtract_reduce_ea(self, b);
  return reduced;
}

/**
 The following functions compute various expressions involving
 vectors and matrices. The computation of these expressions has been
 abstracted away into these functions in order to save on loop iterations.
 Compute v - InverseNTT(s^T o NTT(u))
*/
/**
A monomorphic instance of libcrux_ml_kem.matrix.compute_message
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_matrix_compute_message_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
  /* Both array arguments are indexed 0..2 without a length parameter, so the
     caller must supply three ring elements in each. `acc` and `term` are
     derived from the secret key; they live on this stack frame and are not
     cleared here. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d acc =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t k = (size_t)0U; k < (size_t)3U; k++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d term =
        libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&secret_as_ntt[k],
                                                     &u_as_ntt[k]);
    libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&acc, &term);
  }
  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&acc);
  return libcrux_ml_kem_polynomial_subtract_reduce_d6_ea(v, acc);
}

/**
A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  /* Thin wrapper: delegates to to_unsigned_representative_b8(). */
  libcrux_ml_kem_vector_portable_vector_type_PortableVector unsigned_rep =
      libcrux_ml_kem_vector_portable_to_unsigned_representative_b8(a);
  return unsigned_rep;
}

/**
A monomorphic instance of
libcrux_ml_kem.serialize.compress_then_serialize_message with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_message_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) {
  /* Each of the 16 vectors is compressed with compress_1_b8 and serialized to
     2 bytes, giving 32 bytes in total, which are copied to `ret` at the end.
     NOTE(review): on the decryption path `re` is the recovered message, so
     `serialized` and `bytes` are stack copies of secret data that this
     function does not wipe - confirm how the caller handles that. */
  uint8_t serialized[32U] = {0U};
  for (size_t v = (size_t)0U; v < (size_t)16U; v++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector one_bit =
        libcrux_ml_kem_vector_portable_compress_1_b8(
            libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
                re.coefficients[v]));
    uint8_t bytes[2U];
    libcrux_ml_kem_vector_portable_serialize_1_b8(one_bit, bytes);
    size_t start = (size_t)2U * v;
    Eurydice_slice_copy(
        Eurydice_array_to_subslice3(serialized, start, start + (size_t)2U,
                                    uint8_t *),
        Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);
  }
  memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
}

/**
 This function implements <strong>Algorithm 14</strong> of the
 NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.

 Algorithm 14 is reproduced below:

 ```plaintext
 Input: decryption key dk_PKE in B^{384k}.
 Input: ciphertext c in B^{32(d_u*k + d_v)}.
 Output: message m in B^{32}.

 c_1 <- c[0 : 32*d_u*k]
 c_2 <- c[32*d_u*k : 32(d_u*k + d_v)]
 u <- Decompress_{d_u}(ByteDecode_{d_u}(c_1))
 v <- Decompress_{d_v}(ByteDecode_{d_v}(c_2))
 s^ <- ByteDecode_12(dk_PKE)
 w <- v - NTT^-1(s^T o NTT(u))
 m <- ByteEncode_1(Compress_1(w))
 return m
 ```

 NOTE(review): the link below points at the initial public draft (ipd);
 algorithm numbering in the final FIPS 203 may differ - confirm before citing.

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- VECTOR_U_ENCODED_SIZE= 960
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
    uint8_t *ciphertext, uint8_t ret[32U]) {
  /* `ciphertext` is a bare pointer that is treated as exactly 1088 bytes:
     bytes 0..959 are decoded as u and bytes 960..1087 as v. No length is
     passed or checked here, so the caller must guarantee the buffer size.
     `ret` receives the 32-byte message. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                          (size_t)960U, uint8_t, size_t,
                                          uint8_t[]));
  /* `message` is secret plaintext held on this stack frame; it is not wiped
     before return. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
      libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt,
                                               u_as_ntt);
  libcrux_ml_kem_serialize_compress_then_serialize_message_ea(message, ret);
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- VECTOR_U_ENCODED_SIZE= 960
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_42(
    Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
  /* Unpacks the serialized secret key into NTT-domain ring elements, then
     defers to decrypt_unpacked_42.
     NOTE(review): `secret_key_unpacked` is a stack copy of the secret key and
     nothing in this function clears it before return - confirm whether that
     is acceptable for the embedding program. */
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
      secret_key_unpacked;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d initial[3U];
  for (size_t k = (size_t)0U; k < (size_t)3U; k++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    /* Closure shim defined elsewhere in the file; presumably yields the
       initial (zero) element - confirm. */
    initial[k] = libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(&lvalue, k);
  }
  memcpy(
      secret_key_unpacked.secret_as_ntt, initial,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
  libcrux_ml_kem_ind_cpa_deserialize_vector_1b(
      secret_key, secret_key_unpacked.secret_as_ntt);
  libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(&secret_key_unpacked, ciphertext,
                                             ret);
}

/**
This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_4a
with const generics
- K= 3
*/
static inline void libcrux_ml_kem_hash_functions_portable_G_4a_e0(
    Eurydice_slice input, uint8_t ret[64U]) {
  /* Trait-method shim: writes the 64-byte output of
     libcrux_ml_kem_hash_functions_portable_G(input) into `ret`. */
  libcrux_ml_kem_hash_functions_portable_G(input, ret);
}

/**
A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
with const generics
- LEN= 32
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_9e(
    Eurydice_slice input, uint8_t ret[32U]) {
  /* 32 bytes of SHAKE256 output over `input`, produced into a local buffer
     and then copied to `ret`. The local buffer is not wiped afterwards. */
  uint8_t out[32U] = {0U};
  libcrux_sha3_portable_shake256(
      Eurydice_array_to_slice((size_t)32U, out, uint8_t), input);
  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
}

/**
This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_4a
with const generics
- K= 3
- LEN= 32
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_41(
    Eurydice_slice input, uint8_t ret[32U]) {
  /* Trait-method shim around the LEN= 32 PRF instance. */
  libcrux_ml_kem_hash_functions_portable_PRF_9e(input, ret);
}

/**
A
monomorphic instance of
libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- $3size_t

Unpacked form of an IND-CPA public key for K = 3. The field order below is
part of the type's layout and must not be changed.
*/
typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s {
  /* Three ring elements; filled from the first 1152 public-key bytes by
     build_unpacked_public_key_mut. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U];
  /* 32-byte seed; zeroed by the default constructor below. */
  uint8_t seed_for_A[32U];
  /* 3x3 matrix of ring elements; filled by sample_matrix_A. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0;

/**
Build a default unpacked public key: every ring element in `t_as_ntt` and `A`
is the value returned by `libcrux_ml_kem_polynomial_ZERO_d6_ea()` and
`seed_for_A` is all zero bytes.

This function found in impl {core::default::Default for
libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8b
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(void) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero_vector[3U];
  for (size_t k = 0U; k < 3U; k++) {
    zero_vector[k] = libcrux_ml_kem_polynomial_ZERO_d6_ea();
  }
  uint8_t zero_seed[32U] = {0U};

  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 key;
  memcpy(key.t_as_ntt, zero_vector, sizeof zero_vector);
  memcpy(key.seed_for_A, zero_seed, sizeof zero_seed);

  /* The matrix is assembled row by row in a temporary, then copied in. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero_matrix[3U][3U];
  for (size_t row = 0U; row < 3U; row++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero_row[3U];
    for (size_t col = 0U; col < 3U; col++) {
      zero_row[col] = libcrux_ml_kem_polynomial_ZERO_d6_ea();
    }
    memcpy(zero_matrix[row], zero_row, sizeof zero_row);
  }
  memcpy(key.A, zero_matrix, sizeof zero_matrix);
  return key;
}

/**
Decode one serialized ring element, 24 bytes per vector, and apply
`cond_subtract_3329` to every decoded vector.

Only use with public values.

This MUST NOT be used with secret inputs; the same restriction applies to its
caller `deserialize_ring_elements_reduced`.

NOTE(review): the restriction presumably exists because the conditional
subtraction is not guaranteed to run in constant time; confirm against the
upstream libcrux documentation.

NOTE(review): one vector is written to `re.coefficients` per 24 input bytes
and the index is not checked against the size of `coefficients`; the bounds
checks of the Rust original are not reproduced here, so the caller has to pass
a slice of exactly one ring element.

A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea(
    Eurydice_slice serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d element =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  const size_t vector_count =
      Eurydice_slice_len(serialized, uint8_t) / (size_t)24U;
  for (size_t vec = 0U; vec < vector_count; vec++) {
    Eurydice_slice packed =
        Eurydice_slice_subslice3(serialized, vec * (size_t)24U,
                                 vec * (size_t)24U + (size_t)24U, uint8_t *);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector decoded =
        libcrux_ml_kem_vector_portable_deserialize_12_b8(packed);
    element.coefficients[vec] =
        libcrux_ml_kem_vector_portable_cond_subtract_3329_b8(decoded);
  }
  return element;
}

/**
See [deserialize_ring_elements_reduced_out].
*/
/**
Split `public_key` into chunks of
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT bytes and decode each chunk
into `deserialized_pk[i]` with
`libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea`.

A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3

NOTE(review): the number of elements written is derived from the slice length
alone; `deserialized_pk` has no size argument, so the caller must size the
slice to match the destination (K = 3 elements for this instance).
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
    Eurydice_slice public_key,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) {
  const size_t element_count =
      Eurydice_slice_len(public_key, uint8_t) /
      LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
  for (size_t idx = 0U; idx < element_count; idx++) {
    Eurydice_slice encoded = Eurydice_slice_subslice3(
        public_key, idx * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
        idx * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
            LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
        uint8_t *);
    deserialized_pk[idx] =
        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea(
            encoded);
  }
}

/**
Hash state for K = 3: one Keccak state per SHAKE128 instance.

A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
with const generics
- $3size_t
*/
typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_88_s {
  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U];
} libcrux_ml_kem_hash_functions_portable_PortableHash_88;

/**
Create three SHAKE128 states and absorb one 34-byte input into each
(`input[i]` goes into state `i`) with `absorb_final`.

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const
generics
- K= 3
*/
static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0(
    uint8_t (*input)[34U]) {
  libcrux_sha3_generic_keccak_KeccakState_17 fresh_states[3U];
  for (size_t k = 0U; k < 3U; k++) {
    fresh_states[k] = libcrux_sha3_portable_incremental_shake128_init();
  }

  libcrux_ml_kem_hash_functions_portable_PortableHash_88 hasher;
  memcpy(hasher.shake128_state, fresh_states, sizeof fresh_states);

  for (size_t k = 0U; k < 3U; k++) {
    libcrux_sha3_portable_incremental_shake128_absorb_final(
        &hasher.shake128_state[k],
        Eurydice_array_to_slice((size_t)34U, input[k], uint8_t));
  }
  return hasher;
}

/**
Trait-method wrapper: forwards to
`libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0`.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_4a with const
generics
- K= 3
*/
static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0(
    uint8_t (*input)[34U]) {
  return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0(
      input);
}

/**
Squeeze 504 bytes from each of the three SHAKE128 states in `st` into a
zero-initialised local buffer, then copy all 3 x 504 bytes to `ret`.

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with
const generics
- K= 3
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st,
    uint8_t ret[3U][504U]) {
  uint8_t blocks[3U][504U] = {{0U}};
  for (size_t k = 0U; k < 3U; k++) {
    libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
        &st->shake128_state[k],
        Eurydice_array_to_slice((size_t)504U, blocks[k], uint8_t));
  }
  memcpy(ret, blocks, sizeof blocks);
}

/**
This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A
monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_4a
with const generics
- K= 3

Trait-method wrapper: forwards `self` and `ret` unchanged to
`libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0`.
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self,
    uint8_t ret[3U][504U]) {
  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0(
      self, ret);
}

/**
If `bytes` contains a set of uniformly random bytes, this function
uniformly samples a ring element `a_hat` that is treated as being the NTT
representation of the corresponding polynomial `a`.

Since rejection sampling is used, it is possible the supplied bytes are
not enough to sample the element, in which case an `Err` is returned and the
caller must try again with a fresh set of bytes. (The C function below
reports this case by returning `false`.)

This function <strong>partially</strong> implements <strong>Algorithm
6</strong> of the NIST FIPS 203 standard. We say "partially" because this
implementation only accepts a finite set of bytes as input and returns an error
if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
hand samples from an infinite stream of bytes until the ring element is filled.
Algorithm 6 is reproduced below:

```plaintext
Input: byte stream B in B^*.
Output: array a_hat in Z_q^256.

i <- 0
j <- 0
while j < 256 do
    d1 <- B[i] + 256*(B[i+1] mod 16)
    d2 <- floor(B[i+1]/16) + 16*B[i+2]
    if d1 < q then
        a_hat[j] <- d1
        j <- j + 1
    end if
    if d2 < q and j < 256 then
        a_hat[j] <- d2
        j <- j + 1
    end if
    i <- i + 3
end while
return a_hat
```

The algorithm number refers to the draft linked below; look the routine up by
its name (SampleNTT) when reading a later edition of the standard.

The NIST FIPS 203 standard can be found at
<https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
/**
Rejection-sample from three 504-byte blocks of XOF output.

For each of the three rows, every 24-byte chunk of `randomness[row]` is handed
to `rej_sample` while that row still has fewer than
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT accepted values; the
count in `sampled_coefficients[row]` grows by the helper's return value.
Afterwards each full row's count is clamped to that constant. Returns `true`
only when all three rows are full.

The destination window passed to the helper is 16 entries of `out[row]`
starting at the current count. NOTE(review): with the constant equal to 256
(assumed, as in ML-KEM) the highest index touched is 255 + 15, which is why
the rows are 272 entries wide; the window is not checked here.

A monomorphic instance of
libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- N= 504
*/
static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
    uint8_t (*randomness)[504U], size_t *sampled_coefficients,
    int16_t (*out)[272U]) {
  for (size_t row = 0U; row < 3U; row++) {
    for (size_t chunk = 0U; chunk < (size_t)504U / (size_t)24U; chunk++) {
      if (sampled_coefficients[row] >=
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
        continue; /* row already full: ignore the remaining chunks */
      }
      size_t accepted = libcrux_ml_kem_vector_portable_rej_sample_b8(
          Eurydice_array_to_subslice3(randomness[row], chunk * (size_t)24U,
                                      chunk * (size_t)24U + (size_t)24U,
                                      uint8_t *),
          Eurydice_array_to_subslice3(out[row], sampled_coefficients[row],
                                      sampled_coefficients[row] + (size_t)16U,
                                      int16_t *));
      sampled_coefficients[row] += accepted;
    }
  }

  bool all_rows_full = true;
  for (size_t row = 0U; row < 3U; row++) {
    if (sampled_coefficients[row] <
        LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
      all_rows_full = false;
    } else {
      /* A row may overshoot by part of a chunk; clamp the count. */
      sampled_coefficients[row] =
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
    }
  }
  return all_rows_full;
}

/**
Squeeze one further 168-byte block from each of the three SHAKE128 states in
`st` into a zero-initialised local buffer, then copy all 3 x 168 bytes to
`ret`.

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const
generics
- K= 3
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st,
    uint8_t ret[3U][168U]) {
  uint8_t blocks[3U][168U] = {{0U}};
  for (size_t k = 0U; k < 3U; k++) {
    libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
        &st->shake128_state[k],
        Eurydice_array_to_slice((size_t)168U, blocks[k], uint8_t));
  }
  memcpy(ret, blocks, sizeof blocks);
}

/**
Trait-method wrapper: forwards `self` and `ret` unchanged to
`libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0`.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_4a with const
generics
- K= 3
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self,
    uint8_t ret[3U][168U]) {
  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(self,
                                                                        ret);
}

/**
If `bytes` contains a set of uniformly random bytes, this function
uniformly samples a ring element `a_hat` that is treated as being the NTT
representation of the corresponding polynomial `a`.

Since rejection sampling is used, it is possible the supplied bytes are
not enough to sample the element, in which case an `Err` is returned and the
caller must try again with a fresh set of bytes. (The C function below
reports this case by returning `false`.)

This function <strong>partially</strong> implements <strong>Algorithm
6</strong> of the NIST FIPS 203 standard. We say "partially" because this
implementation only accepts a finite set of bytes as input and returns an error
if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
hand samples from an infinite stream of bytes until the ring element is filled.
Algorithm 6 is reproduced below:

```plaintext
Input: byte stream B in B^*.
Output: array a_hat in Z_q^256.
i <- 0
j <- 0
while j < 256 do
    d1 <- B[i] + 256*(B[i+1] mod 16)
    d2 <- floor(B[i+1]/16) + 16*B[i+2]
    if d1 < q then
        a_hat[j] <- d1
        j <- j + 1
    end if
    if d2 < q and j < 256 then
        a_hat[j] <- d2
        j <- j + 1
    end if
    i <- i + 3
end while
return a_hat
```

The algorithm number refers to the draft linked below; look the routine up by
its name (SampleNTT) when reading a later edition of the standard.

The NIST FIPS 203 standard can be found at
<https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
/**
Rejection-sample from three 168-byte blocks of XOF output.

Same procedure as the 504-byte instance: for each of the three rows, every
24-byte chunk of `randomness[row]` is handed to `rej_sample` while the row has
fewer than LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT accepted
values, the row's count grows by the helper's return value, full rows are
clamped to that constant, and `true` is returned only when all rows are full.

NOTE(review): the 16-entry destination window into the 272-entry `out[row]`
is not checked here; it stays in range as long as the count is below 256 on
entry (assuming the constant is 256, as in ML-KEM).

A monomorphic instance of
libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- N= 168
*/
static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
    uint8_t (*randomness)[168U], size_t *sampled_coefficients,
    int16_t (*out)[272U]) {
  for (size_t row = 0U; row < 3U; row++) {
    for (size_t chunk = 0U; chunk < (size_t)168U / (size_t)24U; chunk++) {
      if (sampled_coefficients[row] >=
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
        continue; /* row already full: ignore the remaining chunks */
      }
      size_t accepted = libcrux_ml_kem_vector_portable_rej_sample_b8(
          Eurydice_array_to_subslice3(randomness[row], chunk * (size_t)24U,
                                      chunk * (size_t)24U + (size_t)24U,
                                      uint8_t *),
          Eurydice_array_to_subslice3(out[row], sampled_coefficients[row],
                                      sampled_coefficients[row] + (size_t)16U,
                                      int16_t *));
      sampled_coefficients[row] += accepted;
    }
  }

  bool all_rows_full = true;
  for (size_t row = 0U; row < 3U; row++) {
    if (sampled_coefficients[row] <
        LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
      all_rows_full = false;
    } else {
      /* A row may overshoot by part of a chunk; clamp the count. */
      sampled_coefficients[row] =
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
    }
  }
  return all_rows_full;
}

/**
A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array
with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

Build a ring element from a slice of int16_t values: vector `i` is made from
entries `[16*i, 16*(i+1))` of `a`, for
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT vectors.

NOTE(review): the length of `a` is not checked here; it has to hold at least
16 entries per vector.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_from_i16_array_ea(Eurydice_slice a) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d poly =
      libcrux_ml_kem_polynomial_ZERO_ea();
  for (size_t vec = 0U;
       vec < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; vec++) {
    poly.coefficients[vec] = libcrux_ml_kem_vector_portable_from_i16_array_b8(
        Eurydice_slice_subslice3(a, vec * (size_t)16U,
                                 (vec + (size_t)1U) * (size_t)16U, int16_t *));
  }
  return poly;
}

/**
Method wrapper: forwards to `libcrux_ml_kem_polynomial_from_i16_array_ea`.

This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}

A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_from_i16_array_d6_ea(Eurydice_slice a) {
  return libcrux_ml_kem_polynomial_from_i16_array_ea(a);
}

/**
Generated closure body: copies the 272-entry argument and converts its first
256 entries into a ring element. The first parameter is unused.

This function found in impl {core::ops::function::FnMut<(@Array<i16, 272usize>),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@2]> for libcrux_ml_kem::sampling::sample_from_xof::closure<Vector,
Hasher, K>[TraitClause@0, TraitClause@1, TraitClause@2, TraitClause@3]}

A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.call_mut_e7
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b(
    void **_, int16_t tupled_args[272U]) {
  int16_t samples[272U];
  memcpy(samples, tupled_args, sizeof samples);
  /* Only the first 256 entries become coefficients; the tail is slack. */
  return libcrux_ml_kem_polynomial_from_i16_array_d6_ea(
      Eurydice_array_to_subslice3(samples, (size_t)0U, (size_t)256U,
                                  int16_t *));
}

/**
Sample three ring elements from SHAKE128 output seeded with `seeds`.

Absorbs the three 34-byte seeds, squeezes 3 x 504 bytes and rejection-samples
from them, then keeps squeezing 168-byte blocks until the sampler reports that
all three rows are full. Each row is finally converted into a ring element and
the three elements are copied to `ret`.

The squeeze loop has no iteration cap: it ends only when the sampler returns
`true`.

A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b(
    uint8_t (*seeds)[34U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  size_t sampled_coefficients[3U] = {0U};
  int16_t out[3U][272U] = {{0U}};

  libcrux_ml_kem_hash_functions_portable_PortableHash_88 xof_state =
      libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0(
          seeds);

  uint8_t first_blocks[3U][504U];
  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0(
      &xof_state, first_blocks);
  bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
      first_blocks, sampled_coefficients, out);

  while (!done) {
    uint8_t next_block[3U][168U];
    libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0(
        &xof_state, next_block);
    done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
        next_block, sampled_coefficients, out);
  }

  /* Passing arrays by value in Rust generates a copy in C */
  int16_t copy_of_out[3U][272U];
  memcpy(copy_of_out, out, sizeof out);

  libcrux_ml_kem_polynomial_PolynomialRingElement_1d elements[3U];
  for (size_t row = 0U; row < 3U; row++) {
    /* original Rust expression is not an lvalue in C */
    void *closure_env = (void *)0U;
    elements[row] = libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b(
        &closure_env, copy_of_out[row]);
  }
  memcpy(ret, elements, sizeof elements);
}

/**
Fill the 3x3 matrix `A_transpose` from `seed`.

For each row index `i`, three 34-byte XOF inputs are made by copying `seed`
and setting byte 32 to `i` and byte 33 to `j`; the element sampled for input
`j` is stored at `[j][i]` when `transpose` is true and at `[i][j]` otherwise.

NOTE(review): `seed` is copied as 34 bytes with no length argument; the caller
has to pass a buffer of that size.

A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[3U],
    uint8_t *seed, bool transpose) {
  for (size_t row = 0U; row < 3U; row++) {
    uint8_t seeds[3U][34U];
    for (size_t col = 0U; col < 3U; col++) {
      core_array__core__clone__Clone_for__Array_T__N___clone(
          (size_t)34U, seed, seeds[col], uint8_t, void *);
    }
    for (size_t col = 0U; col < 3U; col++) {
      /* The last two bytes select the matrix position. */
      seeds[col][32U] = (uint8_t)row;
      seeds[col][33U] = (uint8_t)col;
    }

    libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[3U];
    libcrux_ml_kem_sampling_sample_from_xof_2b(seeds, sampled);

    const size_t sampled_len = Eurydice_slice_len(
        Eurydice_array_to_slice(
            (size_t)3U, sampled,
            libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
        libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
    for (size_t col = 0U; col < sampled_len; col++) {
      if (transpose) {
        A_transpose[col][row] = sampled[col];
      } else {
        A_transpose[row][col] = sampled[col];
      }
    }
  }
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- T_AS_NTT_ENCODED_SIZE= 1152

Fill `unpacked_public_key` from a serialized public key: the first 1152 bytes
are decoded into `t_as_ntt`, and the bytes from offset 1152 onward are padded
into a 34-byte buffer that seeds `sample_matrix_A` (called with
`transpose = false`) to fill `A`. `seed_for_A` is not written here.

NOTE(review): the length of `public_key` is not checked in this function; it
has to be at least 1152 bytes, and validation is presumably done by a caller.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
    Eurydice_slice public_key,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
        *unpacked_public_key) {
  Eurydice_slice encoded_t = Eurydice_slice_subslice_to(
      public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]);
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
      encoded_t, unpacked_public_key->t_as_ntt);

  Eurydice_slice seed = Eurydice_slice_subslice_from(
      public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*matrix)[3U] =
      unpacked_public_key->A;
  uint8_t padded_seed[34U];
  libcrux_ml_kem_utils_into_padded_array_b6(seed, padded_seed);
  libcrux_ml_kem_matrix_sample_matrix_A_2b(matrix, padded_seed, false);
}

/**
Return a new unpacked public key: starts from the default value and fills it
with `libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f`.

A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- T_AS_NTT_ENCODED_SIZE= 1152
*/
static KRML_MUSTINLINE
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
    libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(
        Eurydice_slice public_key) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 result =
      libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b();
  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(public_key, &result);
  return result;
}

/**
A monomorphic instance of K.
with types libcrux_ml_kem_polynomial_PolynomialRingElement
libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t],
libcrux_ml_kem_polynomial_PolynomialRingElement
libcrux_ml_kem_vector_portable_vector_type_PortableVector

Pair of a three-element vector of ring elements (`fst`) and a single ring
element (`snd`).
*/
typedef struct tuple_ed_s {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[3U];
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d snd;
} tuple_ed;

/**
Generated closure body: ignores both arguments and returns
`libcrux_ml_kem_polynomial_ZERO_d6_ea()`.

This function found in impl {core::ops::function::FnMut<(usize),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure<Vector, Hasher,
K, C1_LEN, U_COMPRESSION_FACTOR, BLOCK_LEN, ETA1, ETA1_RANDOMNESS_SIZE, ETA2,
ETA2_RANDOMNESS_SIZE>[TraitClause@0, TraitClause@1, TraitClause@2,
TraitClause@3]}

A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_f1
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- C1_LEN= 960
- U_COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(void **_, size_t tupled_args) {
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
Run the PRF on three inputs: SHAKE256 over each 33-byte `input[i]` produces
128 bytes in a zero-initialised local buffer, and all 3 x 128 bytes are then
copied to `ret`.

A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN
with const generics
- K= 3
- LEN= 128

NOTE(review): the local output buffer is left on the stack unwiped; the PRF
output is presumably secret-derived in the sampling callers.
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_41(
    uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
  uint8_t prf_out[3U][128U] = {{0U}};
  for (size_t k = 0U; k < 3U; k++) {
    libcrux_sha3_portable_shake256(
        Eurydice_array_to_slice((size_t)128U, prf_out[k], uint8_t),
        Eurydice_array_to_slice((size_t)33U, input[k], uint8_t));
  }
  memcpy(ret, prf_out, sizeof prf_out);
}

/**
Trait-method wrapper: forwards to
`libcrux_ml_kem_hash_functions_portable_PRFxN_41`.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}

A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_4a
with const generics
- K= 3
- LEN= 128
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(
    uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
  libcrux_ml_kem_hash_functions_portable_PRFxN_41(input, ret);
}

/**
Given a series of uniformly random bytes in `randomness`, for some number
`eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
element from a binomial distribution centered at 0 that uses two sets of `eta`
coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
such that `v in {-ETA, -ETA + 1, ..., 0, ..., ETA - 1, ETA}` and:

```plaintext
- If v < 0, Pr[v] = Pr[-v]
- If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
```

The values `v < 0` are mapped to the appropriate `KyberFieldElement`.

The expected value is:

```plaintext
E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
+ (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
```

And the variance is:

```plaintext
Var(X) = E[(X - E[X])^2]
       = E[X^2]
       = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
         2^(2 * ETA)) = ETA / 2
```

This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
standard, which is reproduced below:

```plaintext
Input: byte array B in B^{64*eta}.
Output: array f in Z_q^256.
b <- BytesToBits(B)
for (i <- 0; i < 256; i++)
    x <- sum(j=0 to eta - 1) b[2*i*eta + j]
    y <- sum(j=0 to eta - 1) b[2*i*eta + eta + j]
    f[i] <- x - y mod q
end for
return f
```

The algorithm number refers to the draft linked below; look the routine up by
its name (SamplePolyCBD) when reading a later edition of the standard.

The NIST FIPS 203 standard can be found at
<https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
/**
Centered binomial sampling for eta = 2.

Each 4-byte chunk of `randomness` is read as a little-endian 32-bit word. The
bits at even and odd positions are added pairwise, giving sixteen 2-bit sums;
every 4-bit group yields one coefficient, the low sum minus the high sum, so a
chunk produces eight coefficients at indices `8 * chunk .. 8 * chunk + 7`.

NOTE(review): the chunk count comes from the slice length and the local array
holds 256 coefficients, so `randomness` must not exceed 128 bytes; the length
is not checked here.

A monomorphic instance of
libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea(
    Eurydice_slice randomness) {
  int16_t sampled_i16s[256U] = {0U};
  const size_t chunk_count =
      Eurydice_slice_len(randomness, uint8_t) / (size_t)4U;
  for (size_t chunk = 0U; chunk < chunk_count; chunk++) {
    Eurydice_slice word_bytes = Eurydice_slice_subslice3(
        randomness, chunk * (size_t)4U, chunk * (size_t)4U + (size_t)4U,
        uint8_t *);
    uint32_t b0 = (uint32_t)Eurydice_slice_index(word_bytes, (size_t)0U,
                                                 uint8_t, uint8_t *);
    uint32_t b1 = (uint32_t)Eurydice_slice_index(word_bytes, (size_t)1U,
                                                 uint8_t, uint8_t *);
    uint32_t b2 = (uint32_t)Eurydice_slice_index(word_bytes, (size_t)2U,
                                                 uint8_t, uint8_t *);
    uint32_t b3 = (uint32_t)Eurydice_slice_index(word_bytes, (size_t)3U,
                                                 uint8_t, uint8_t *);
    uint32_t word = b0 | (b1 << 8U) | (b2 << 16U) | (b3 << 24U);

    /* 0x55555555 selects every second bit; the sum gives 2-bit counts. */
    uint32_t even_bits = word & 0x55555555U;
    uint32_t odd_bits = (word >> 1U) & 0x55555555U;
    uint32_t pair_sums = even_bits + odd_bits;

    for (uint32_t shift = 0U; shift < 32U; shift += 4U) {
      int16_t low_sum = (int16_t)((pair_sums >> shift) & 3U);
      int16_t high_sum = (int16_t)((pair_sums >> (shift + 2U)) & 3U);
      sampled_i16s[(size_t)8U * chunk + (size_t)(shift >> 2U)] =
          low_sum - high_sum;
    }
  }
  return libcrux_ml_kem_polynomial_from_i16_array_d6_ea(
      Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
}

/**
Dispatch for ETA = 2: forwards to
`libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea`.

A monomorphic instance of
libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- ETA= 2
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
    Eurydice_slice randomness) {
  return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea(
      randomness);
}

/**
First NTT layer: pairs vector `j` with vector `j + step`, where `step` is half
of LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT. With
`t = coefficients[j + step] * -1600`, the upper vector becomes
`coefficients[j] - t` and the lower one `coefficients[j] + t`.

A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  const size_t half =
      LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
  for (size_t lo = 0U; lo < half; lo++) {
    const size_t hi = lo + half;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
        libcrux_ml_kem_vector_portable_multiply_by_constant_b8(
            re->coefficients[hi], (int16_t)-1600);
    /* The upper half is written first; both results use the old lower value. */
    re->coefficients[hi] =
        libcrux_ml_kem_vector_portable_sub_b8(re->coefficients[lo], &t);
    re->coefficients[lo] =
        libcrux_ml_kem_vector_portable_add_b8(re->coefficients[lo], &t);
  }
}

/**
In-place NTT of a binomially sampled ring element: layer 7, then layers 6, 5
and 4 through `ntt_at_layer_4_plus`, then layers 3, 2 and 1, followed by a
Barrett reduction of the whole element.

The last argument of each layer call starts at 11207 and grows by 3328 per
layer. NOTE(review): presumably a coefficient bound tracked by the helpers;
confirm against their definitions.

A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  const size_t base = (size_t)11207U;
  const size_t per_layer = (size_t)3328U;

  libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re);
  size_t zeta_i = (size_t)1U;
  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U, base);
  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U,
                                            base + per_layer);
  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)4U,
                                            base + (size_t)2U * per_layer);
  libcrux_ml_kem_ntt_ntt_at_layer_3_ea(&zeta_i, re,
                                       base + (size_t)3U * per_layer);
  libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re,
                                       base + (size_t)4U * per_layer);
  libcrux_ml_kem_ntt_ntt_at_layer_1_ea(&zeta_i, re,
                                       base + (size_t)5U * per_layer);
  libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re);
}

/**
Sample a vector of ring elements from a centered binomial distribution and
convert them into their NTT representations.

Makes three copies of the 33-byte `prf_input`, lets `prf_input_inc` update the
copies and the domain separator, expands them to 3 x 128 PRF bytes, samples one
element per row into `re_as_ntt[i]` and transforms it in place. Returns the
domain separator value produced by `prf_input_inc`.

NOTE(review): `prf_inputs` and `prf_outputs` are stack temporaries that are
not wiped before returning; `prf_input` is presumably secret-derived.

A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
static KRML_MUSTINLINE uint8_t
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt,
    uint8_t *prf_input, uint8_t domain_separator) {
  uint8_t prf_inputs[3U][33U];
  for (size_t k = 0U; k < 3U; k++) {
    core_array__core__clone__Clone_for__Array_T__N___clone(
        (size_t)33U, prf_input, prf_inputs[k], uint8_t, void *);
  }
  const uint8_t next_separator =
      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);

  uint8_t prf_outputs[3U][128U];
  libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs);

  for (size_t k = 0U; k < 3U; k++) {
    re_as_ntt[k] =
        libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
            Eurydice_array_to_slice((size_t)128U, prf_outputs[k], uint8_t));
    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea(&re_as_ntt[k]);
  }
  return next_separator;
}

/**
Generated closure body: ignores both arguments and returns
`libcrux_ml_kem_polynomial_ZERO_d6_ea()`.

This function found in impl {core::ops::function::FnMut<(usize),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure#1<Vector,
Hasher, K, C1_LEN, U_COMPRESSION_FACTOR, BLOCK_LEN, ETA1, ETA1_RANDOMNESS_SIZE,
ETA2, ETA2_RANDOMNESS_SIZE>[TraitClause@0, TraitClause@1, TraitClause@2,
TraitClause@3]}

A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_dd
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- C1_LEN= 960
- U_COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(void **_, size_t tupled_args) {
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
Sample a vector of ring elements from a centered binomial distribution.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- ETA2_RANDOMNESS_SIZE= 128
- ETA2= 2
*/
/**
 Writes three sampled polynomials to error_1[0..2] and returns the updated
 domain separator.

 prf_input is copied three times (33 bytes each). The copies and
 domain_separator go to libcrux_ml_kem_utils_prf_input_inc_e0, whose return
 value becomes the new separator (presumably the helper also stamps a
 distinct separator into each copy - confirm against its definition).
 PRFxN expands each copy to 128 bytes and each output is handed to the
 binomial sampler.

 NOTE(review): prf_inputs and prf_outputs are stack buffers derived from the
 caller's PRF input and are not cleared before this function returns; confirm
 whether the embedding code wipes secret material elsewhere.
*/
static KRML_MUSTINLINE uint8_t
libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
    uint8_t *prf_input, uint8_t domain_separator,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1) {
  /* one private 33-byte copy of the PRF input per output polynomial */
  uint8_t prf_inputs[3U][33U];
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    core_array__core__clone__Clone_for__Array_T__N___clone(
        (size_t)33U, prf_input, prf_inputs[i], uint8_t, void *);
  }
  domain_separator =
      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);
  uint8_t prf_outputs[3U][128U];
  libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs);
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    size_t i0 = i;
    /* 128 bytes of PRF output per polynomial */
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
        libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
            Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
    error_1[i0] = uu____0;
  }
  return domain_separator;
}

/**
A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
with const generics
- LEN= 128
*/
/**
 Fills a zero-initialised 128-byte local buffer by calling
 libcrux_sha3_portable_shake256 with `input`, then copies the 128 bytes to
 `ret`. `ret` must have room for 128 bytes; the local `digest` copy is left
 on the stack as is.
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_a6(
    Eurydice_slice input, uint8_t ret[128U]) {
  uint8_t digest[128U] = {0U};
  libcrux_sha3_portable_shake256(
      Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input);
  memcpy(ret, digest, (size_t)128U * sizeof(uint8_t));
}

/**
This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.PRF_4a
with const generics
- K= 3
- LEN= 128
*/
/**
 Trait-level entry point for the 128-byte PRF: forwards `input` and `ret`
 unchanged to libcrux_ml_kem_hash_functions_portable_PRF_a6.
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_410(
    Eurydice_slice input, uint8_t ret[128U]) {
  libcrux_ml_kem_hash_functions_portable_PRF_a6(input, ret);
}

/**
This function found in impl {core::ops::function::FnMut<(usize),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]> for libcrux_ml_kem::matrix::compute_vector_u::closure<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.call_mut_a8
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
/**
 Array-initialisation closure: both arguments are ignored and the value of
 libcrux_ml_kem_polynomial_ZERO_d6_ea() is returned.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(void **_,
                                                      size_t tupled_args) {
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/**
 Updates `myself` in place. For every coefficient vector j:
 myself[j] = barrett_reduce(montgomery_multiply(myself[j], 1441) + error[j]).
 `error` is only read.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
    size_t j = i;
    /* NOTE(review): 1441 is presumably the Montgomery-domain normalisation
       factor owed after the inverse NTT - confirm against the Rust source */
    libcrux_ml_kem_vector_portable_vector_type_PortableVector
        coefficient_normal_form =
            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
                myself->coefficients[j], (int16_t)1441);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector sum =
        libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form,
                                              &error->coefficients[j]);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector red =
        libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum);
    myself->coefficients[j] = red;
  }
}

/**
This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/**
 Method-style wrapper: forwards both pointers unchanged to
 libcrux_ml_kem_polynomial_add_error_reduce_ea.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  libcrux_ml_kem_polynomial_add_error_reduce_ea(self, error);
}

/**
 Compute u := InvertNTT(A^T o r_hat) + e_1

 (ASCII rendering; the non-ASCII symbols of the upstream comment were lost.
 `o` is the NTT-domain product, `r_hat` the NTT form of r.)

 For each row i1 of a_as_ntt the products a_as_ntt[i1][j] o r_as_ntt[j] are
 accumulated into result[i1], which is then passed through the inverse NTT
 and add_error_reduce with error_1[i1]. The three results are copied to
 `ret`, which must hold three ring elements.
*/
/**
A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[3U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U];
  /* every accumulator starts from the value the init closure returns */
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    result[i] =
        libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(&lvalue, i);
  }
  /* outer bound: length of the 3-row slice built over a_as_ntt */
  for (size_t i0 = (size_t)0U;
       i0 < Eurydice_slice_len(
                Eurydice_array_to_slice(
                    (size_t)3U, a_as_ntt,
                    libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
                libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
       i0++) {
    size_t i1 = i0;
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1];
    /* inner bound: length of the 3-element slice built over the row */
    for (size_t i = (size_t)0U;
         i < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, row,
                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
         i++) {
      size_t j = i;
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j];
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
          libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(a_element, &r_as_ntt[j]);
      libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result[i1],
                                                          &product);
    }
    /* leave the NTT domain first, then add the error term and reduce */
    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result[i1]);
    libcrux_ml_kem_polynomial_add_error_reduce_d6_ea(&result[i1], &error_1[i1]);
  }
  memcpy(
      ret, result,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
}

/**
A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
with const generics
- COEFFICIENT_BITS= 10
*/
/**
 Replaces every element of `a` (received by value) with the result of
 compress_ciphertext_coefficient called with 10 coefficient bits, and
 returns the modified copy. The libcrux_secrets_int_as_u16_f5 and
 libcrux_secrets_int_as_i16_f5 helpers wrap the value on the way in and out;
 their definitions are outside this excerpt.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
    size_t i0 = i;
    int16_t uu____0 = libcrux_secrets_int_as_i16_f5(
        libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
            (uint8_t)(int32_t)10,
            libcrux_secrets_int_as_u16_f5(a.elements[i0])));
    a.elements[i0] = uu____0;
  }
  return a;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
/**
A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8
with const generics
-
COEFFICIENT_BITS= 10
*/
/**
 Trait-level wrapper: forwards `a` to the 10-bit compress instance.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_b8_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  return libcrux_ml_kem_vector_portable_compress_compress_ef(a);
}

/**
A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- OUT_LEN= 320
*/
/**
 Encodes `re` into 320 bytes. Each coefficient vector is mapped with
 to_unsigned_field_modulus, compressed to 10 bits per coefficient and
 serialised to 20 bytes, which land at serialized[20*i0 .. 20*i0+20).

 NOTE(review): staying inside the 320-byte buffer relies on
 LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT * 20 <= 320; the constant
 is defined outside this excerpt (presumably 16) - confirm.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_10_ff(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
  uint8_t serialized[320U] = {0U};
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
    size_t i0 = i;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
        libcrux_ml_kem_vector_portable_compress_b8_ef(
            libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
                re->coefficients[i0]));
    uint8_t bytes[20U];
    libcrux_ml_kem_vector_portable_serialize_10_b8(coefficient, bytes);
    Eurydice_slice_copy(
        Eurydice_array_to_subslice3(serialized, (size_t)20U * i0,
                                    (size_t)20U * i0 + (size_t)20U, uint8_t *),
        Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
  }
  memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
}

/**
A monomorphic instance of
libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 10
- OUT_LEN= 320
*/
/**
 Dispatch for compression factor 10: calls compress_then_serialize_10 into a
 local 320-byte buffer and copies it to `ret`.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
  uint8_t uu____0[320U];
  libcrux_ml_kem_serialize_compress_then_serialize_10_ff(re, uu____0);
  memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
}

/**
 Call [`compress_then_serialize_ring_element_u`] on each ring element.

 Element i0 is written to out[i0*320 .. (i0+1)*320), so `out` has to cover
 960 bytes. How Eurydice_slice_subslice3 treats a shorter slice is not
 visible in this excerpt.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- OUT_LEN= 960
- COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[3U],
    Eurydice_slice out) {
  for (size_t i = (size_t)0U;
       i < Eurydice_slice_len(
               Eurydice_array_to_slice(
                   (size_t)3U, input,
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
               libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
       i++) {
    size_t i0 = i;
    /* by-value copy of the element, as in the Rust source */
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0];
    /* 960 / 3 = 320-byte window for this element */
    Eurydice_slice uu____0 = Eurydice_slice_subslice3(
        out, i0 * ((size_t)960U / (size_t)3U),
        (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t *);
    uint8_t ret[320U];
    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(&re,
                                                                       ret);
    Eurydice_slice_copy(
        uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
  }
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- C1_LEN= 960
- U_COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
/**
 First half of encryption: samples r, e_1 and e_2 from `randomness`, writes
 the serialised u into `ciphertext`, and returns (r_as_ntt, error_2) for the
 second half.

 The PRF input is `randomness` padded to 33 bytes. The domain separator
 starts at 0, is advanced by the two vector-sampling calls, and its final
 value is stored in byte 32 of the PRF input before error_2 is derived, so
 each sampled polynomial uses a distinct PRF input.

 NOTE(review): prf_input, prf_output, r_as_ntt, error_1, error_2 and the
 copies of them are per-encryption secrets held in stack variables (and in
 the returned tuple) and are not cleared in this function; confirm how the
 embedding code handles stack hygiene.
*/
static KRML_MUSTINLINE tuple_ed libcrux_ml_kem_ind_cpa_encrypt_c1_85(
    Eurydice_slice randomness,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix)[3U],
    Eurydice_slice ciphertext) {
  uint8_t prf_input[33U];
  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U];
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    r_as_ntt[i] = libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(&lvalue, i);
  }
  /* r: sampled and converted to NTT form, separator starts at 0 */
  uint8_t domain_separator0 =
      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(r_as_ntt, prf_input,
                                                           0U);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    error_1[i] = libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(&lvalue, i);
  }
  /* e_1: continues from the separator returned for r */
  uint8_t domain_separator = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
      prf_input, domain_separator0, error_1);
  /* e_2: last byte of the PRF input carries the current separator */
  prf_input[32U] = domain_separator;
  uint8_t prf_output[128U];
  libcrux_ml_kem_hash_functions_portable_PRF_4a_410(
      Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 =
      libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
          Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
  libcrux_ml_kem_matrix_compute_vector_u_1b(matrix, r_as_ntt, error_1, u);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U];
  memcpy(
      uu____0, u,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(uu____0, ciphertext);
  /* Passing arrays by value in Rust generates a copy in C */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_r_as_ntt[3U];
  memcpy(
      copy_of_r_as_ntt, r_as_ntt,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
  tuple_ed lit;
  memcpy(
      lit.fst, copy_of_r_as_ntt,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
  lit.snd = error_2;
  return lit;
}

/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_then_decompress_message with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
/**
 Builds a ring element from a serialised message: 16 iterations, each
 deserialising the two bytes serialized[2*i0 .. 2*i0+2) with deserialize_1
 and expanding them with decompress_1.

 `serialized` is a bare pointer with no length attached; the loop reads
 bytes 0..31, so the caller must supply at least 32 readable bytes.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea(
    uint8_t *serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
    size_t i0 = i;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector
        coefficient_compressed =
            libcrux_ml_kem_vector_portable_deserialize_1_b8(
                Eurydice_array_to_subslice3(serialized, (size_t)2U * i0,
                                            (size_t)2U * i0 + (size_t)2U,
                                            uint8_t *));
    libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
        libcrux_ml_kem_vector_portable_decompress_1_b8(coefficient_compressed);
    re.coefficients[i0] = uu____0;
  }
  return re;
}

/**
A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/**
 For every coefficient vector i0:
 result[i0] = barrett_reduce(montgomery_multiply(result[i0], 1441)
                             + (myself[i0] + message[i0])).
 `result` is received by value and the updated copy is returned; `myself`
 and `message` are only read.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_add_message_error_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
    size_t i0 = i;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector
        coefficient_normal_form =
            libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
                result.coefficients[i0], (int16_t)1441);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector sum1 =
        libcrux_ml_kem_vector_portable_add_b8(myself->coefficients[i0],
                                              &message->coefficients[i0]);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector sum2 =
        libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form, &sum1);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector red =
        libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum2);
    result.coefficients[i0] = red;
  }
  return result;
}

/**
This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/**
 Method-style wrapper: forwards all three arguments unchanged to
 libcrux_ml_kem_polynomial_add_message_error_reduce_ea.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
  return libcrux_ml_kem_polynomial_add_message_error_reduce_ea(self, message,
                                                               result);
}

/**
 Compute InverseNTT(t^T o r_hat) + e_2 + message

 (ASCII rendering; the non-ASCII symbols of the upstream comment were lost.
 `o` is the NTT-domain product, `r_hat` the NTT form of r.)

 The three products t_as_ntt[i0] o r_as_ntt[i0] are accumulated, the sum is
 passed through the inverse NTT, and add_message_error_reduce combines it
 with `error_2` and `message`.
*/
/**
A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_matrix_compute_ring_element_v_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    size_t i0 = i;
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
        libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&t_as_ntt[i0],
                                                     &r_as_ntt[i0]);
    libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result, &product);
  }
  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result);
  /* error_2 takes the `self` slot of the callee, message the second slot */
  return libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea(
      error_2, message, result);
}

/**
A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
with const generics
- COEFFICIENT_BITS= 4
*/
/**
 Same loop as the 10-bit instance, with 4 coefficient bits: every element of
 `a` (received by value) is replaced by its compress_ciphertext_coefficient
 result and the modified copy is returned.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_d1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
    size_t i0 = i;
    int16_t uu____0 = libcrux_secrets_int_as_i16_f5(
        libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
            (uint8_t)(int32_t)4,
            libcrux_secrets_int_as_u16_f5(a.elements[i0])));
    a.elements[i0] = uu____0;
  }
  return a;
}

/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}
*/
/**
A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8
with const generics
- COEFFICIENT_BITS= 4
*/
/**
 Trait-level wrapper: forwards `a` to the 4-bit compress instance.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_b8_d1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  return libcrux_ml_kem_vector_portable_compress_compress_d1(a);
}

/**
A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/**
 Encodes `re` (received by value) into `serialized`. Each coefficient vector
 is mapped with to_unsigned_field_modulus, compressed to 4 bits per
 coefficient and serialised to 8 bytes, which are copied to
 serialized[8*i0 .. 8*i0+8).

 NOTE(review): `serialized` must cover
 8 * LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT bytes; the constant is
 defined outside this excerpt (presumably 16, giving 128 bytes) - confirm.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_4_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
    Eurydice_slice serialized) {
  for (size_t i = (size_t)0U;
       i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
    size_t i0 = i;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
        libcrux_ml_kem_vector_portable_compress_b8_d1(
            libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
                re.coefficients[i0]));
    uint8_t bytes[8U];
    libcrux_ml_kem_vector_portable_serialize_4_b8(coefficient, bytes);
    Eurydice_slice_copy(
        Eurydice_slice_subslice3(serialized, (size_t)8U * i0,
                                 (size_t)8U * i0 + (size_t)8U, uint8_t *),
        Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t);
  }
}

/**
A monomorphic instance of
libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- COMPRESSION_FACTOR= 4
- OUT_LEN= 128
*/
/**
 Dispatch for compression factor 4: forwards `re` and `out` to
 compress_then_serialize_4.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) {
  libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out);
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c2
with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- V_COMPRESSION_FACTOR= 4
- C2_LEN= 128
*/
/**
 Second half of encryption: turns `message` into a ring element, computes v
 from t_as_ntt, r_as_ntt, error_2 and that element, and serialises v into
 `ciphertext`.

 `message` is a bare pointer; the deserialisation routine it is passed to
 reads 32 bytes from it, so the caller must supply at least that many.
 message_as_ring_element and v are stack values derived from the message
 and are not cleared here.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_c2_6c(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
    uint8_t *message, Eurydice_slice ciphertext) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element =
      libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea(message);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
      libcrux_ml_kem_matrix_compute_ring_element_v_1b(
          t_as_ntt, r_as_ntt, error_2, &message_as_ring_element);
  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
      v, ciphertext);
}

/**
 This function implements <strong>Algorithm 13</strong> of the
 NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.

 Algorithm 13 is reproduced below. The listing is an ASCII rendering (the
 non-ASCII symbols of the upstream comment were lost): `<-` is assignment,
 `in B^{n}` means "a byte array of length n", a `_hat` suffix marks an
 NTT-domain value, `^T` is transpose, `o` is multiplication in the NTT
 domain and `||` is concatenation.

 ```plaintext
 Input: encryption key ek_PKE in B^{384k+32}.
 Input: message m in B^{32}.
 Input: encryption randomness r in B^{32}.
 Output: ciphertext c in B^{32(d_u k + d_v)}.

 N <- 0
 t_hat <- ByteDecode_12(ek_PKE[0:384k])
 rho <- ek_PKE[384k: 384k + 32]
 for (i <- 0; i < k; i++)
     for(j <- 0; j < k; j++)
         A_hat[i,j] <- SampleNTT(XOF(rho, i, j))
     end for
 end for
 for(i <- 0; i < k; i++)
     r[i] <- SamplePolyCBD_{eta1}(PRF_{eta1}(r,N))
     N <- N + 1
 end for
 for(i <- 0; i < k; i++)
     e1[i] <- SamplePolyCBD_{eta2}(PRF_{eta2}(r,N))
     N <- N + 1
 end for
 e2 <- SamplePolyCBD_{eta2}(PRF_{eta2}(r,N))
 r_hat <- NTT(r)
 u <- NTT^-1(A_hat^T o r_hat) + e1
 mu <- Decompress_1(ByteDecode_1(m))
 v <- NTT^-1(t_hat^T o r_hat) + e2 + mu
 c1 <- ByteEncode_{d_u}(Compress_{d_u}(u))
 c2 <- ByteEncode_{d_v}(Compress_{d_v}(v))
 return c <- (c1 || c2)
 ```

 NOTE(review): the algorithm number and the link below refer to the initial
 public draft (ipd). In the final FIPS 203 text this routine is
 K-PKE.Encrypt and, as far as the reviewer recalls, is numbered
 Algorithm 14 - confirm against the published standard before citing.

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- T_AS_NTT_ENCODED_SIZE= 1152
- C1_LEN= 960
- C2_LEN= 128
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
- BLOCK_LEN= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
/**
 Encrypts `message` under an already unpacked public key and writes the
 1088-byte ciphertext to `ret`.

 Layout of the local ciphertext buffer: encrypt_c1 fills bytes [0, 960) and
 encrypt_c2 fills the sub-slice starting at byte 960 (the remaining 128
 bytes). The buffer is zero-initialised before either half is written.

 NOTE(review): r_as_ntt and error_2 are copies of per-encryption secret
 values and stay in this frame uncleared on return; `message` is a bare
 pointer that the second half reads 32 bytes from.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
    uint8_t *message, Eurydice_slice randomness, uint8_t ret[1088U]) {
  uint8_t ciphertext[1088U] = {0U};
  /* c1 = serialised u, written in place into ciphertext[0..960) */
  tuple_ed uu____0 = libcrux_ml_kem_ind_cpa_encrypt_c1_85(
      randomness, public_key->A,
      Eurydice_array_to_subslice3(ciphertext, (size_t)0U, (size_t)960U,
                                  uint8_t *));
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U];
  memcpy(
      r_as_ntt, uu____0.fst,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = uu____0.snd;
  /* the uu____N temporaries only pin the Rust argument evaluation order */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____1 =
      public_key->t_as_ntt;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 = r_as_ntt;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____3 = &error_2;
  uint8_t *uu____4 = message;
  /* c2 = serialised v, written from byte 960 onwards */
  libcrux_ml_kem_ind_cpa_encrypt_c2_6c(
      uu____1, uu____2, uu____3, uu____4,
      Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U,
                                      uint8_t, size_t, uint8_t[]));
  memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- T_AS_NTT_ENCODED_SIZE= 1152
- C1_LEN= 960
- C2_LEN= 128
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
- BLOCK_LEN= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
/**
 Encrypts `message` under a serialised public key: the key is unpacked with
 libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f, then the unpacked
 encryption routine produces 1088 bytes that are copied to `ret`.

 No check of `public_key` is made in this function itself; whatever
 validation happens is inside the unpacking helper or with the caller.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_2a(
    Eurydice_slice public_key, uint8_t *message, Eurydice_slice randomness,
    uint8_t ret[1088U]) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
      unpacked_public_key =
          libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(public_key);
  uint8_t ret0[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(&unpacked_public_key, message,
                                             randomness, ret0);
  memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t));
}

/**
This function found in impl {libcrux_ml_kem::variant::Variant for
libcrux_ml_kem::variant::MlKem}
*/
/**
A monomorphic instance of libcrux_ml_kem.variant.kdf_39
with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
*/
/**
 Key-derivation step of the MlKem variant. In this instance it only copies
 `shared_secret` into a zero-initialised 32-byte buffer and then to `ret`;
 the second parameter (the ciphertext at the call sites in this file) is
 ignored.

 NOTE(review): `shared_secret` is expected to be 32 bytes long; how
 Eurydice_slice_copy treats a length mismatch is not visible here.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_39_d6(
    Eurydice_slice shared_secret, uint8_t *_, uint8_t ret[32U]) {
  uint8_t out[32U] = {0U};
  Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
                      shared_secret, uint8_t);
  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
}

/**
 This code verifies on some machines, runs out of memory on others
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
libcrux_ml_kem_variant_MlKem with const generics
- K= 3
-
SECRET_KEY_SIZE= 2400
- CPA_SECRET_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
- CIPHERTEXT_SIZE= 1088
- T_AS_NTT_ENCODED_SIZE= 1152
- C1_SIZE= 960
- C2_SIZE= 128
- VECTOR_U_COMPRESSION_FACTOR= 10
- VECTOR_V_COMPRESSION_FACTOR= 4
- C1_BLOCK_SIZE= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
/**
 Decapsulation with implicit rejection. Writes a 32-byte shared secret to
 `ret` for every input; there is no error return.

 Steps, as written below:
 1. Split the 2400-byte private key into the CPA secret key, the CPA public
    key, the public-key hash and the implicit-rejection value.
 2. Decrypt the ciphertext to a 32-byte candidate message.
 3. Hash (message, public-key hash) with G and split the 64-byte result
    into a candidate shared secret and the re-encryption randomness.
 4. Independently derive the rejection secret with the PRF over
    (implicit-rejection value, ciphertext), a 1120-byte input.
 5. Re-encrypt the candidate message and obtain the expected ciphertext.
 6. Hand both ciphertexts and both secrets to
    compare_ciphertexts_select_shared_secret_in_constant_time, which fills
    the output.

 Security-relevant properties visible in this function:
 - Both candidate secrets are always computed and the function contains no
   branch on the comparison result; the selection itself is delegated to the
   helper above, whose timing behaviour has to be checked in its own
   definition.
 - No validation of `private_key` or `ciphertext` contents is visible here;
   any input checks required by the caller's protocol have to happen before
   the call (or inside the helpers, which are outside this excerpt).

 NOTE(review): decrypted, to_hash0, hashed, to_hash, both candidate secrets
 and ret0 hold secret material in stack buffers that are not cleared before
 returning; confirm how the embedding code handles stack hygiene.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  /* step 1: four views into private_key->value, no copies */
  Eurydice_slice_uint8_t_x4 uu____0 =
      libcrux_ml_kem_types_unpack_private_key_b4(
          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
  Eurydice_slice ind_cpa_public_key = uu____0.snd;
  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
  Eurydice_slice implicit_rejection_value = uu____0.f3;
  /* step 2 */
  uint8_t decrypted[32U];
  libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value,
                                    decrypted);
  /* step 3: to_hash0 = decrypted padded to 64 bytes, then the public-key
     hash is copied in from offset SHARED_SECRET_SIZE */
  uint8_t to_hash0[64U];
  libcrux_ml_kem_utils_into_padded_array_24(
      Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice_from(
          (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
          uint8_t, size_t, uint8_t[]),
      ind_cpa_public_key_hash, uint8_t);
  uint8_t hashed[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice shared_secret0 = uu____1.fst;
  Eurydice_slice pseudorandomness = uu____1.snd;
  /* step 4: to_hash = implicit-rejection value padded to 1120 bytes, then
     the ciphertext is copied in from offset SHARED_SECRET_SIZE */
  uint8_t to_hash[1120U];
  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash);
  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
      (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
      uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_d3_80(ciphertext),
                      uint8_t);
  uint8_t implicit_rejection_shared_secret0[32U];
  libcrux_ml_kem_hash_functions_portable_PRF_4a_41(
      Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
      implicit_rejection_shared_secret0);
  /* step 5: deterministic re-encryption of the candidate message */
  uint8_t expected_ciphertext[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_2a(ind_cpa_public_key, decrypted,
                                    pseudorandomness, expected_ciphertext);
  /* the variant KDF is applied to both candidates, whichever will be used */
  uint8_t implicit_rejection_shared_secret[32U];
  libcrux_ml_kem_variant_kdf_39_d6(
      Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
                              uint8_t),
      libcrux_ml_kem_types_as_slice_a9_80(ciphertext),
      implicit_rejection_shared_secret);
  uint8_t shared_secret[32U];
  libcrux_ml_kem_variant_kdf_39_d6(
      shared_secret0, libcrux_ml_kem_types_as_slice_a9_80(ciphertext),
      shared_secret);
  /* step 6: received vs expected ciphertext decides which secret is output;
     the decision is made inside the helper, not by a branch here */
  uint8_t ret0[32U];
  libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
      libcrux_ml_kem_types_as_ref_d3_80(ciphertext),
      Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
      Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                              uint8_t),
      ret0);
  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}

/**
 Portable decapsulate
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
- K= 3
- SECRET_KEY_SIZE= 2400
- CPA_SECRET_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
- CIPHERTEXT_SIZE= 1088
-
T_AS_NTT_ENCODED_SIZE= 1152
- C1_SIZE= 960
- C2_SIZE= 128
- VECTOR_U_COMPRESSION_FACTOR= 10
- VECTOR_V_COMPRESSION_FACTOR= 4
- C1_BLOCK_SIZE= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
/* Forwards unchanged to libcrux_ml_kem_ind_cca_decapsulate_62. */
static inline void
libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  libcrux_ml_kem_ind_cca_decapsulate_62(private_key, ciphertext, ret);
}

/**
 Decapsulate ML-KEM 768

 Takes a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]
 and writes the 32-byte [`MlKemSharedSecret`] to `ret`.

 This entry point only forwards to the portable instantiation; it performs no
 private-key validation of its own. Callers that load key material from
 outside the process can run the private-key validation entry point first.
*/
static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35(
      private_key, ciphertext, ret);
}

/**
 Variant hook for libcrux_ml_kem::variant::MlKem (impl of
 libcrux_ml_kem::variant::Variant), monomorphic instance of
 libcrux_ml_kem.variant.entropy_preprocess_39 with PortableHash, K= 3.

 For this variant the hook is a plain copy: `randomness` is copied into a
 zero-initialised 32-byte buffer, which is then copied to `ret`. No hashing
 or other transformation is applied here.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_39_9c(
    Eurydice_slice randomness, uint8_t ret[32U]) {
  uint8_t staged[32U] = {0U};
  Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, staged, uint8_t),
                      randomness, uint8_t);
  memcpy(ret, staged, sizeof staged);
}

/**
This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A
monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_4a
with const generics
- K= 3
*/
/* Adapter: hands `input` and the 32-byte output buffer to the portable H. */
static inline void libcrux_ml_kem_hash_functions_portable_H_4a_e0(
    Eurydice_slice input, uint8_t ret[32U]) {
  libcrux_ml_kem_hash_functions_portable_H(input, ret);
}

/**
 Encapsulation core: produce a (ciphertext, shared secret) pair for
 `public_key` from 32 caller-supplied bytes of `randomness`.

 The function calls no random number generator; its output is a deterministic
 function of `public_key` and `randomness`, so the secrecy of the result rests
 entirely on the caller supplying fresh, unpredictable bytes.

 Order of operations:
  1. pass `randomness` through the variant's entropy_preprocess hook;
  2. build a 64-byte G input from the preprocessed bytes with H(public key)
     copied in at offset LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
  3. split G's output into the pre-KDF shared secret and the encryption
     pseudorandomness;
  4. IND-CPA encrypt the preprocessed bytes under the public key;
  5. run the variant KDF over the shared secret and the ciphertext.

 The public key is used as given; this function does not validate it.

 Monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector,
 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
 libcrux_ml_kem_variant_MlKem with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 - PUBLIC_KEY_SIZE= 1184
 - T_AS_NTT_ENCODED_SIZE= 1152
 - C1_SIZE= 960
 - C2_SIZE= 128
 - VECTOR_U_COMPRESSION_FACTOR= 10
 - VECTOR_V_COMPRESSION_FACTOR= 4
 - C1_BLOCK_SIZE= 320
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
*/
static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) {
  /* Step 1: variant-specific preprocessing of the caller's randomness. */
  uint8_t randomness0[32U];
  libcrux_ml_kem_variant_entropy_preprocess_39_9c(
      Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);

  /* Step 2: G input = padded randomness with H(public key) copied in. */
  uint8_t to_hash[64U];
  libcrux_ml_kem_utils_into_padded_array_24(
      Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
  Eurydice_slice pk_hash_dst = Eurydice_array_to_subslice_from(
      (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
      size_t, uint8_t[]);
  uint8_t pk_hash[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_slice((size_t)1184U,
                              libcrux_ml_kem_types_as_slice_e6_d0(public_key),
                              uint8_t),
      pk_hash);
  Eurydice_slice_copy(
      pk_hash_dst, Eurydice_array_to_slice((size_t)32U, pk_hash, uint8_t),
      uint8_t);

  /* Step 3: split G's 64-byte output. */
  uint8_t hashed[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
  Eurydice_slice_uint8_t_x2 g_halves = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice shared_secret = g_halves.fst;
  Eurydice_slice pseudorandomness = g_halves.snd;

  /* Step 4: IND-CPA encryption under the public key. */
  uint8_t ciphertext[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_2a(
      Eurydice_array_to_slice((size_t)1184U,
                              libcrux_ml_kem_types_as_slice_e6_d0(public_key),
                              uint8_t),
      randomness0, pseudorandomness, ciphertext);
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_ciphertext[1088U];
  memcpy(copy_of_ciphertext, ciphertext, sizeof ciphertext);
  tuple_c2 result;
  result.fst = libcrux_ml_kem_types_from_e0_80(copy_of_ciphertext);

  /* Step 5: final shared secret from the variant KDF. */
  uint8_t kdf_out[32U];
  libcrux_ml_kem_variant_kdf_39_d6(shared_secret, ciphertext, kdf_out);
  memcpy(result.snd, kdf_out, (size_t)32U * sizeof(uint8_t));
  return result;
}

/**
 Portable instantiation of encapsulate; forwards unchanged to
 libcrux_ml_kem_ind_cca_encapsulate_ca.

 Monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - K= 3
 - CIPHERTEXT_SIZE= 1088
 - PUBLIC_KEY_SIZE= 1184
 - T_AS_NTT_ENCODED_SIZE= 1152
 - C1_SIZE= 960
 - C2_SIZE= 128
 - VECTOR_U_COMPRESSION_FACTOR= 10
 - VECTOR_V_COMPRESSION_FACTOR= 4
 - C1_BLOCK_SIZE= 320
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
*/
static inline tuple_c2
libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) {
  return libcrux_ml_kem_ind_cca_encapsulate_ca(public_key, randomness);
}

/**
 Encapsulate ML-KEM 768

 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
 The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
 bytes of `randomness`.
*/
/* Public entry point; forwards unchanged to the portable instantiation. */
static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    uint8_t randomness[32U]) {
  return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd(
      public_key, randomness);
}

/**
 Default value for the unpacked IND-CPA private key (impl of
 core::default::Default for
 libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked<Vector, K>).

 Returns a structure whose three `secret_as_ntt` ring elements are each the
 value produced by libcrux_ml_kem_polynomial_ZERO_d6_ea().

 Monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_70 with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector, K= 3.
*/
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(void) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 key;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zeros[3U];
  for (size_t idx = (size_t)0U; idx < (size_t)3U; idx++) {
    zeros[idx] = libcrux_ml_kem_polynomial_ZERO_d6_ea();
  }
  memcpy(key.secret_as_ntt, zeros, sizeof zeros);
  return key;
}

/**
 Variant hook for libcrux_ml_kem::variant::MlKem: expand the key-generation
 seed into the 64 bytes that key generation splits into its two sub-seeds.

 The input handed to G is 33 bytes: `key_generation_seed` copied into the
 first LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE bytes,
 followed by a single byte with value 3 (the rank K of this instance).

 Monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_39 with
 PortableHash, K= 3.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_39_9c(
    Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
  uint8_t g_input[33U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(
          g_input, (size_t)0U,
          LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *),
      key_generation_seed, uint8_t);
  /* Trailing byte carries the rank. */
  g_input[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
      (uint8_t)(size_t)3U;
  uint8_t digest[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)33U, g_input, uint8_t), digest);
  memcpy(ret, digest, sizeof digest);
}

/**
 C rendering of the Rust closure used by generate_keypair_unpacked to fill an
 array (impl of core::ops::function::FnMut<(usize), PolynomialRingElement>).
 Both arguments are ignored; every call returns the ZERO ring element.

 Monomorphic instance of
 libcrux_ml_kem.ind_cpa.generate_keypair_unpacked.call_mut_73 with types
 PortableVector, PortableHash[[$3size_t]], MlKem and const generics
 K= 3, ETA1= 2, ETA1_RANDOMNESS_SIZE= 128.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c(
    void **_, size_t tupled_args) {
  (void)_;
  (void)tupled_args;
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
 Multiply `vector` by
 LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS using the
 portable Montgomery multiply-by-constant helper and return the product.

 Monomorphic instance of libcrux_ml_kem.polynomial.to_standard_domain with
 types libcrux_ml_kem_vector_portable_vector_type_PortableVector.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_polynomial_to_standard_domain_ea(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector converted =
      libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
          vector,
          LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
  return converted;
}

/**
A monomorphic instance of
libcrux_ml_kem.polynomial.add_standard_error_reduce
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
/*
 * For every coefficient vector of `myself`: convert it with
 * to_standard_domain, add the matching vector of `error`, Barrett-reduce the
 * sum and store it back. `myself` is updated in place; `error` is only read.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_polynomial_add_standard_error_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  for (size_t k = (size_t)0U;
       k < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; k++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector standard =
        libcrux_ml_kem_polynomial_to_standard_domain_ea(
            myself->coefficients[k]);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector with_error =
        libcrux_ml_kem_vector_portable_add_b8(standard,
                                              &error->coefficients[k]);
    myself->coefficients[k] =
        libcrux_ml_kem_vector_portable_barrett_reduce_b8(with_error);
  }
}

/**
 Method form of add_standard_error_reduce (impl of
 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>); forwards
 unchanged to libcrux_ml_kem_polynomial_add_standard_error_reduce_ea.

 Monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6
 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  libcrux_ml_kem_polynomial_add_standard_error_reduce_ea(self, error);
}

/**
 Compute A_hat o s_hat + e_hat
*/
/**
A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[3U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) {
  /*
   * For each row of the 3x3 matrix: start from the ZERO element, accumulate
   * the NTT products of the row entries with the entries of s_as_ntt, then
   * add the matching error element and reduce. Results land in t_as_ntt;
   * matrix_A, s_as_ntt and error_as_ntt are only read.
   */
  for (size_t row_idx = (size_t)0U;
       row_idx < Eurydice_slice_len(
                     Eurydice_array_to_slice(
                         (size_t)3U, matrix_A,
                         libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
       row_idx++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[row_idx];
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero =
        libcrux_ml_kem_polynomial_ZERO_d6_ea();
    t_as_ntt[row_idx] = zero;
    for (size_t col_idx = (size_t)0U;
         col_idx < Eurydice_slice_len(
                       Eurydice_array_to_slice(
                           (size_t)3U, row,
                           libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
                       libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
         col_idx++) {
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element =
          &row[col_idx];
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
          libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(matrix_element,
                                                       &s_as_ntt[col_idx]);
      libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&t_as_ntt[row_idx],
                                                          &product);
    }
    libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea(
        &t_as_ntt[row_idx], &error_as_ntt[row_idx]);
  }
}

/**
 This function implements most of <strong>Algorithm 12</strong> of the
 NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
 algorithm.

 We say "most of" since Algorithm 12 samples the required randomness within
 the function itself, whereas this implementation expects it to be provided
 through the `key_generation_seed` parameter.

 Algorithm 12 is reproduced below (non-ASCII symbols are written out as ASCII
 names; the specification is the authoritative form):

 ```plaintext
 Output: encryption key ek_PKE in B^{384k+32}.
 Output: decryption key dk_PKE in B^{384k}.

 d <-$ B
 (rho, sigma) <- G(d)
 N <- 0
 for (i <- 0; i < k; i++)
     for(j <- 0; j < k; j++)
         A_hat[i,j] <- SampleNTT(XOF(rho, i, j))
     end for
 end for
 for(i <- 0; i < k; i++)
     s[i] <- SamplePolyCBD_{eta1}(PRF_{eta1}(sigma, N))
     N <- N + 1
 end for
 for(i <- 0; i < k; i++)
     e[i] <- SamplePolyCBD_{eta1}(PRF_{eta1}(sigma, N))
     N <- N + 1
 end for
 s_hat <- NTT(s)
 e_hat <- NTT(e)
 t_hat <- A_hat o s_hat + e_hat
 ek_PKE <- ByteEncode_12(t_hat) || rho
 dk_PKE <- ByteEncode_12(s_hat)
 ```

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
libcrux_ml_kem_variant_MlKem with const generics
- K= 3
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
/*
 * Fills `private_key->secret_as_ntt`, `public_key->A`,
 * `public_key->t_as_ntt` and `public_key->seed_for_A` from
 * `key_generation_seed`. The same `prf_input` buffer feeds both sampling
 * calls; the domain separator returned by the first call is the starting
 * value for the second.
 *
 * NOTE(review): `hashed`, `prf_input` and `error_as_ntt` hold secret-derived
 * values and are not wiped in this function before it returns.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
    Eurydice_slice key_generation_seed,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
  /* Expand the seed and split it into the two 32-byte sub-seeds. */
  uint8_t hashed[64U];
  libcrux_ml_kem_variant_cpa_keygen_seed_39_9c(key_generation_seed, hashed);
  Eurydice_slice_uint8_t_x2 seed_halves = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
      uint8_t, Eurydice_slice_uint8_t_x2);
  Eurydice_slice seed_for_A = seed_halves.fst;
  Eurydice_slice seed_for_secret_and_error = seed_halves.snd;

  /* Sample the public matrix A from its seed. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*matrix_a)[3U] =
      public_key->A;
  uint8_t xof_seed[34U];
  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, xof_seed);
  libcrux_ml_kem_matrix_sample_matrix_A_2b(matrix_a, xof_seed, true);

  /* Sample the secret vector, starting the domain separator at 0. */
  uint8_t prf_input[33U];
  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
                                            prf_input);
  uint8_t domain_separator =
      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
          private_key->secret_as_ntt, prf_input, 0U);

  /* Sample the error vector, continuing from the returned separator. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U];
  for (size_t idx = (size_t)0U; idx < (size_t)3U; idx++) {
    /* original Rust expression is not an lvalue in C */
    void *closure_env = (void *)0U;
    error_as_ntt[idx] =
        libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c(
            &closure_env, idx);
  }
  libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(error_as_ntt, prf_input,
                                                       domain_separator);

  /* t = A*s + e, written into the public key. */
  libcrux_ml_kem_matrix_compute_As_plus_e_1b(
      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
      error_as_ntt);

  /* Record the matrix seed in the public key (slice -> fixed array). */
  uint8_t seed_a_bytes[32U];
  Result_fb converted;
  Eurydice_slice_to_array2(&converted, seed_for_A, Eurydice_slice,
                           uint8_t[32U], TryFromSliceError);
  unwrap_26_b3(converted, seed_a_bytes);
  memcpy(public_key->seed_for_A, seed_a_bytes, sizeof seed_a_bytes);
}

/**
 Serialize one ring element into 384 bytes.

 Each coefficient vector is first passed through
 to_unsigned_field_modulus, then encoded by serialize_12 into 24 bytes that
 are placed at offset 24 * i of the output.

 Monomorphic instance of
 libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) {
  uint8_t encoded[384U] = {0U};
  for (size_t vec_idx = (size_t)0U;
       vec_idx < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; vec_idx++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
        libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
            re->coefficients[vec_idx]);
    uint8_t chunk[24U];
    libcrux_ml_kem_vector_portable_serialize_12_b8(coefficient, chunk);
    Eurydice_slice_copy(
        Eurydice_array_to_subslice3(encoded, (size_t)24U * vec_idx,
                                    (size_t)24U * vec_idx + (size_t)24U,
                                    uint8_t *),
        Eurydice_array_to_slice((size_t)24U, chunk, uint8_t), uint8_t);
  }
  memcpy(ret, encoded, sizeof encoded);
}

/**
 Call [`serialize_uncompressed_ring_element`] for each of the three ring
 elements of `key`, writing element i to bytes
 [i * BYTES_PER_RING_ELEMENT, (i + 1) * BYTES_PER_RING_ELEMENT) of `out`.

 NOTE(review): each element is copied into the local `re` before encoding;
 when `key` is the secret vector, `re` and `encoded` hold secret values and
 are not wiped here.

 Monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_vector with types
 libcrux_ml_kem_vector_portable_vector_type_PortableVector, K= 3.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_vector_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key,
    Eurydice_slice out) {
  for (size_t elem_idx = (size_t)0U;
       elem_idx < Eurydice_slice_len(
                      Eurydice_array_to_slice(
                          (size_t)3U, key,
                          libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
                      libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
       elem_idx++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[elem_idx];
    Eurydice_slice dst_chunk = Eurydice_slice_subslice3(
        out, elem_idx * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
        (elem_idx + (size_t)1U) *
            LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
        uint8_t *);
    uint8_t encoded[384U];
    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(&re,
                                                                    encoded);
    Eurydice_slice_copy(
        dst_chunk, Eurydice_array_to_slice((size_t)384U, encoded, uint8_t),
        uint8_t);
  }
}

/**
 Concatenate `t` and `rho` into the public key.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184
*/
/*
 * Writes the serialized `t_as_ntt` vector to the front of `serialized` and
 * copies `seed_for_a` into the remainder, starting at the offset returned by
 * libcrux_ml_kem_constants_ranked_bytes_per_ring_element(3). `serialized`
 * is treated as a 1184-byte buffer; no length is checked here.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    Eurydice_slice seed_for_a, uint8_t *serialized) {
  /* Encoded vector first ... */
  libcrux_ml_kem_ind_cpa_serialize_vector_1b(
      t_as_ntt,
      Eurydice_array_to_subslice3(
          serialized, (size_t)0U,
          libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U),
          uint8_t *));
  /* ... then the matrix seed in the tail. */
  Eurydice_slice_copy(
      Eurydice_array_to_subslice_from(
          (size_t)1184U, serialized,
          libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U),
          uint8_t, size_t, uint8_t[]),
      seed_for_a, uint8_t);
}

/**
 Concatenate `t` and `rho` into the public key.

 By-value form: serializes into a zero-initialised 1184-byte local buffer via
 serialize_public_key_mut and copies the result to `ret`.

 Monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with
 types libcrux_ml_kem_vector_portable_vector_type_PortableVector and const
 generics K= 3, PUBLIC_KEY_SIZE= 1184.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_89(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
  uint8_t encoded_pk[1184U] = {0U};
  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(t_as_ntt, seed_for_a,
                                                     encoded_pk);
  memcpy(ret, encoded_pk, sizeof encoded_pk);
}

/**
 Serialize the secret key from the unpacked key pair generation.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- PRIVATE_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
*/
/*
 * Returns a pair whose `fst` is the 1152-byte serialized secret vector and
 * whose `snd` is the 1184-byte serialized public key.
 *
 * NOTE(review): the secret key bytes exist in two stack buffers here
 * (`secret_key_serialized` and its by-value copy) in addition to the
 * returned structure; neither is wiped before return.
 */
static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) {
  /* Public half: t vector followed by the matrix seed. */
  uint8_t public_key_serialized[1184U];
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(
      public_key->t_as_ntt,
      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
      public_key_serialized);

  /* Secret half: the encoded secret vector. */
  uint8_t secret_key_serialized[1152U] = {0U};
  libcrux_ml_kem_ind_cpa_serialize_vector_1b(
      private_key->secret_as_ntt,
      Eurydice_array_to_slice((size_t)1152U, secret_key_serialized, uint8_t));

  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_secret_key_serialized[1152U];
  memcpy(copy_of_secret_key_serialized, secret_key_serialized,
         sizeof secret_key_serialized);
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_public_key_serialized[1184U];
  memcpy(copy_of_public_key_serialized, public_key_serialized,
         sizeof public_key_serialized);

  libcrux_ml_kem_utils_extraction_helper_Keypair768 pair;
  memcpy(pair.fst, copy_of_secret_key_serialized,
         (size_t)1152U * sizeof(uint8_t));
  memcpy(pair.snd, copy_of_public_key_serialized,
         (size_t)1184U * sizeof(uint8_t));
  return pair;
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
libcrux_ml_kem_variant_MlKem with const generics
- K= 3
- PRIVATE_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
/*
 * Generates the IND-CPA key pair in unpacked form from default-initialised
 * structures, then returns it serialized.
 */
static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
      libcrux_ml_kem_ind_cpa_unpacked_default_70_1b();
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
      libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b();
  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
      key_generation_seed, &private_key, &public_key);
  libcrux_ml_kem_utils_extraction_helper_Keypair768 serialized_pair =
      libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(&public_key,
                                                              &private_key);
  return serialized_pair;
}

/**
 Serialize the secret key.

 Writes, back to back into `serialized`:
   private_key || public_key || H(public_key) || implicit_rejection_value
 where the H digest occupies LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE bytes.

 No bound is checked against the size of `serialized`; the caller must supply
 a buffer large enough for the four parts (this instance is generated for
 SERIALIZED_KEY_LEN= 2400).

 Monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 and const generics K= 3, SERIALIZED_KEY_LEN= 2400.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
    Eurydice_slice private_key, Eurydice_slice public_key,
    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
  size_t offset = (size_t)0U;

  /* IND-CPA private key. */
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(
          serialized, offset,
          offset + Eurydice_slice_len(private_key, uint8_t), uint8_t *),
      private_key, uint8_t);
  offset += Eurydice_slice_len(private_key, uint8_t);

  /* IND-CPA public key. */
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(
          serialized, offset, offset + Eurydice_slice_len(public_key, uint8_t),
          uint8_t *),
      public_key, uint8_t);
  offset += Eurydice_slice_len(public_key, uint8_t);

  /* Hash of the public key. */
  Eurydice_slice digest_dst = Eurydice_array_to_subslice3(
      serialized, offset, offset + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
      uint8_t *);
  uint8_t pk_digest[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(public_key, pk_digest);
  Eurydice_slice_copy(
      digest_dst, Eurydice_array_to_slice((size_t)32U, pk_digest, uint8_t),
      uint8_t);
  offset += LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;

  /* Implicit-rejection value. */
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(
          serialized, offset,
          offset + Eurydice_slice_len(implicit_rejection_value, uint8_t),
          uint8_t *),
      implicit_rejection_value, uint8_t);
}

/**
 By-value form of serialize_kem_secret_key_mut: serializes into a
 zero-initialised 2400-byte local buffer and copies it to `ret`.

 NOTE(review): the local buffer holds the full private key and is not wiped
 before return.

 Monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
 and const generics K= 3, SERIALIZED_KEY_LEN= 2400.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
    Eurydice_slice private_key, Eurydice_slice public_key,
    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
  uint8_t encoded_sk[2400U] = {0U};
  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
      private_key, public_key, implicit_rejection_value, encoded_sk);
  memcpy(ret, encoded_sk, sizeof encoded_sk);
}

/**
 Packed API

 Generate a key pair.

 Depending on the `Vector` and `Hasher` used, this requires different hardware
 features
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
libcrux_ml_kem_variant_MlKem with const generics
- K= 3
- CPA_PRIVATE_KEY_SIZE= 1152
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
/*
 * `randomness` is read as 64 bytes: the first
 * LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE bytes seed the
 * IND-CPA key generation, the rest is stored in the private key as the
 * implicit-rejection value. No random number generator is called here, so
 * the key pair is a deterministic function of those 64 bytes.
 *
 * NOTE(review): `ind_cpa_private_key`, `secret_key_serialized` and its
 * by-value copy all hold private key bytes on the stack and are not wiped
 * before return.
 */
static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t *randomness) {
  /* Split the caller's randomness into its two roles. */
  Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice3(
      randomness, (size_t)0U,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *);
  Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
      (size_t)64U, randomness,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
      size_t, uint8_t[]);

  /* IND-CPA key pair, then unpack the two serialized halves. */
  libcrux_ml_kem_utils_extraction_helper_Keypair768 cpa_pair =
      libcrux_ml_kem_ind_cpa_generate_keypair_ea(ind_cpa_keypair_randomness);
  uint8_t ind_cpa_private_key[1152U];
  memcpy(ind_cpa_private_key, cpa_pair.fst, sizeof ind_cpa_private_key);
  uint8_t public_key[1184U];
  memcpy(public_key, cpa_pair.snd, sizeof public_key);

  /* Assemble the 2400-byte KEM private key. */
  uint8_t secret_key_serialized[2400U];
  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
      Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
      Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
      implicit_rejection_value, secret_key_serialized);
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_secret_key_serialized[2400U];
  memcpy(copy_of_secret_key_serialized, secret_key_serialized,
         sizeof secret_key_serialized);
  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
      libcrux_ml_kem_types_from_77_28(copy_of_secret_key_serialized);
  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key_for_pair = private_key;
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_public_key[1184U];
  memcpy(copy_of_public_key, public_key, sizeof public_key);
  return libcrux_ml_kem_types_from_17_74(
      private_key_for_pair,
      libcrux_ml_kem_types_from_fd_d0(copy_of_public_key));
}

/**
 Portable generate key pair; forwards unchanged to
 libcrux_ml_kem_ind_cca_generate_keypair_15.

 Monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
 generics
 - K= 3
 - CPA_PRIVATE_KEY_SIZE= 1152
 - PRIVATE_KEY_SIZE= 2400
 - PUBLIC_KEY_SIZE= 1184
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce(
    uint8_t *randomness) {
  return libcrux_ml_kem_ind_cca_generate_keypair_15(randomness);
}

/**
 Generate ML-KEM 768 Key Pair

 Public entry point taking 64 bytes of `randomness`. It forwards to the
 portable instantiation and draws no randomness of its own, so the caller is
 responsible for supplying fresh, unpredictable bytes.
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce(
      randomness);
}

/**
 Validate an ML-KEM private key.

 This implements the Hash check in 7.3 3.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
- SECRET_KEY_SIZE= 2400
*/
/*
 * Recomputes H over bytes [384*3, 768*3 + 32) = [1152, 2336) of the private
 * key and compares the 32-byte digest with bytes [2336, 2368) of the same
 * key. Returns the result of that equality test.
 *
 * The check only ties the stored digest to the bytes it covers; it says
 * nothing about the remaining parts of the private key.
 */
static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
  uint8_t recomputed[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_subslice3(private_key->value, (size_t)384U * (size_t)3U,
                                  (size_t)768U * (size_t)3U + (size_t)32U,
                                  uint8_t *),
      recomputed);
  Eurydice_slice stored = Eurydice_array_to_subslice3(
      private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
      (size_t)768U * (size_t)3U + (size_t)64U, uint8_t *);
  bool digests_match =
      Eurydice_array_eq_slice((size_t)32U, recomputed, &stored, uint8_t, bool);
  return digests_match;
}

/**
 Validate an ML-KEM private key.

 This implements the Hash check in 7.3 3.
 Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
 and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
/*
 * The ciphertext argument is not inspected: the result is exactly that of
 * libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key).
 */
static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
  (void)_ciphertext;
  return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
}

/**
 Private key validation (portable instantiation); forwards unchanged to
 libcrux_ml_kem_ind_cca_validate_private_key_37.

 Monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
 generics
 - K= 3
 - SECRET_KEY_SIZE= 2400
 - CIPHERTEXT_SIZE= 1088
*/
static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
  bool valid =
      libcrux_ml_kem_ind_cca_validate_private_key_37(private_key, ciphertext);
  return valid;
}

/**
 Validate a private key.

 Returns `true` if valid, and `false` otherwise.
*/
/* Entry point for the portable ML-KEM-768 instantiation; forwards both
   arguments unchanged to the `_31` instantiation wrapper. */
static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31(
      private_key, ciphertext);
}

/**
Private key validation
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
const generics
- K= 3
- SECRET_KEY_SIZE= 2400

Forwards to libcrux_ml_kem_ind_cca_validate_private_key_only_d6.
*/
static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
  return libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
}

/**
Validate the private key only.

Returns `true` if valid, and `false` otherwise.
*/
static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41(
      private_key);
}

/**
This function found in impl {core::ops::function::FnMut<(usize),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]> for
libcrux_ml_kem::serialize::deserialize_ring_elements_reduced_out::closure<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.call_mut_0b with
types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const
generics
- K= 3

Array-initializer closure: both parameters are ignored and the value of
libcrux_ml_kem_polynomial_ZERO_d6_ea() is returned.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b(
    void **_, size_t tupled_args) {
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
This function deserializes ring elements and reduces the result by the field
modulus.

This function MUST NOT be used on secret inputs.
*/
/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3

Fills a local 3-element array via the closure above, lets
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b populate it from
`public_key`, then copies the three elements into `ret`.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
    Eurydice_slice public_key,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    deserialized_pk[i] =
        libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b(
            &lvalue, i);
  }
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
      public_key, deserialized_pk);
  memcpy(
      ret, deserialized_pk,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
}

/**
Validate an ML-KEM public key.

This implements the Modulus check in 7.2 2.
Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
`public_key` type.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

Round-trip check: the leading part of `public_key` is deserialized with
reduction, re-serialized together with the trailing part of the input, and the
1184-byte result is compared with the input. Returns the result of
Eurydice_array_eq.

`public_key` is a bare pointer and is treated as a 1184-byte array throughout;
no length is checked here, so the caller must supply a buffer of that size.
*/
static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_89(
    uint8_t *public_key) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U];
  /* Decode the bytes before the ranked_bytes_per_ring_element(3) offset. */
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
      Eurydice_array_to_subslice_to(
          (size_t)1184U, public_key,
          libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U),
          uint8_t, size_t, uint8_t[]),
      deserialized_pk);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk;
  uint8_t public_key_serialized[1184U];
  /* Re-encode, passing the bytes from that offset onward through unchanged
     (presumably the seed for A; confirm against the serializer). */
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(
      uu____0,
      Eurydice_array_to_subslice_from(
          (size_t)1184U, public_key,
          libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U),
          uint8_t, size_t, uint8_t[]),
      public_key_serialized);
  return Eurydice_array_eq((size_t)1184U, public_key, public_key_serialized,
                           uint8_t);
}

/**
Public key validation
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

Forwards to libcrux_ml_kem_ind_cca_validate_public_key_89.
*/
static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41(
    uint8_t *public_key) {
  return libcrux_ml_kem_ind_cca_validate_public_key_89(public_key);
}

/**
Validate a public key.

Returns `true` if valid, and `false` otherwise.
*/
/* Passes the raw byte array of the typed public key to the `_41` wrapper. */
static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) {
  return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41(
      public_key->value);
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- $3size_t
*/
typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key;
  /* 32-byte public-key hash; fed to G during encapsulation and
     decapsulation in this file. */
  uint8_t public_key_hash[32U];
} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0;

typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked;

/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- $3size_t
*/
typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
      ind_cpa_private_key;
  /* Secret 32-byte value; PRF input for the fallback shared secret computed
     in the unpacked decapsulate routine. */
  uint8_t implicit_rejection_value[32U];
} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0;

/* Holds private-key material by value, so every copy of this struct is a
   copy of the secret key. */
typedef struct
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key;
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key;
} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked;

/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- SECRET_KEY_SIZE= 2400
- CPA_SECRET_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
- CIPHERTEXT_SIZE= 1088
- T_AS_NTT_ENCODED_SIZE= 1152
- C1_SIZE= 960
- C2_SIZE= 128
- VECTOR_U_COMPRESSION_FACTOR= 10
- VECTOR_V_COMPRESSION_FACTOR= 4
- C1_BLOCK_SIZE= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120

Decapsulation with implicit rejection. The ciphertext is decrypted, the
result is re-encrypted, and the re-encryption is compared with the received
ciphertext. That comparison drives a selection between the G-derived secret
and a PRF-derived fallback secret; exactly one of them is written to `ret`
(32 bytes). No error is reported to the caller on a mismatch.

NOTE(review): `decrypted`, `to_hash0`, `hashed`, `to_hash`,
`implicit_rejection_shared_secret` and `ret0` all hold secret-derived bytes
and are not cleared before return. Confirm whether the surrounding code needs
them wiped.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  /* CPA decryption of the received ciphertext. */
  uint8_t decrypted[32U];
  libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
      &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
  /* Build the 64-byte G input: `decrypted`, then the public-key hash written
     from offset SHARED_SECRET_SIZE onward. */
  uint8_t to_hash0[64U];
  libcrux_ml_kem_utils_into_padded_array_24(
      Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
  Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
      (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
      uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(
      uu____0,
      Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash,
                              uint8_t),
      uint8_t);
  /* G output is split into the candidate shared secret and the randomness
     used for re-encryption. */
  uint8_t hashed[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
  Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice shared_secret = uu____1.fst;
  Eurydice_slice pseudorandomness = uu____1.snd;
  /* Fallback secret: PRF over implicit_rejection_value followed by the
     received ciphertext (1120-byte input buffer). */
  uint8_t to_hash[1120U];
  libcrux_ml_kem_utils_into_padded_array_15(
      Eurydice_array_to_slice(
          (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
      to_hash);
  Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
      (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
      uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_d3_80(ciphertext),
                      uint8_t);
  uint8_t implicit_rejection_shared_secret[32U];
  libcrux_ml_kem_hash_functions_portable_PRF_4a_41(
      Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
      implicit_rejection_shared_secret);
  /* Re-encrypt the decrypted value under the public key. */
  uint8_t expected_ciphertext[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
      &key_pair->public_key.ind_cpa_public_key, decrypted, pseudorandomness,
      expected_ciphertext);
  /* Both the comparison and the selection go through helpers named as
     constant-time; their bodies are outside this section. */
  uint8_t selector =
      libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
          libcrux_ml_kem_types_as_ref_d3_80(ciphertext),
          Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
  uint8_t ret0[32U];
  libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
      shared_secret,
      Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                              uint8_t),
      selector, ret0);
  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}

/**
Unpacked decapsulate
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.decapsulate with const
generics
- K= 3
- SECRET_KEY_SIZE= 2400
- CPA_SECRET_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
- CIPHERTEXT_SIZE= 1088
- T_AS_NTT_ENCODED_SIZE= 1152
- C1_SIZE= 960
- C2_SIZE= 128
- VECTOR_U_COMPRESSION_FACTOR= 10
- VECTOR_V_COMPRESSION_FACTOR= 4
- C1_BLOCK_SIZE= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE=
128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
/* Forwards all three arguments to
   libcrux_ml_kem_ind_cca_unpacked_decapsulate_51. */
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(key_pair, ciphertext, ret);
}

/**
Decapsulate ML-KEM 768 (unpacked)

Generates an [`MlKemSharedSecret`].
The input is a reference to an unpacked key pair of type
[`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`].

The 32-byte result is written to `ret`. The function returns void, so a
ciphertext that fails the internal re-encryption check is not signalled to
the caller.
*/
static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35(
      private_key, ciphertext, ret);
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encaps_prepare
with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3

Builds the 64-byte G input from `randomness` and `pk_hash` (the latter
written from offset H_DIGEST_SIZE onward) and writes the 64-byte G output to
`ret`.

NOTE(review): `to_hash` and `ret0` hold the caller's randomness and the value
derived from it; neither is cleared before return.
*/
static inline void libcrux_ml_kem_ind_cca_unpacked_encaps_prepare_9c(
    Eurydice_slice randomness, Eurydice_slice pk_hash, uint8_t ret[64U]) {
  uint8_t to_hash[64U];
  libcrux_ml_kem_utils_into_padded_array_24(randomness, to_hash);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice_from((size_t)64U, to_hash,
                                      LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
                                      uint8_t, size_t, uint8_t[]),
      pk_hash, uint8_t);
  uint8_t ret0[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), ret0);
  memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
}

/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.encapsulate
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- PUBLIC_KEY_SIZE= 1184
- T_AS_NTT_ENCODED_SIZE= 1152
- C1_SIZE= 960
- C2_SIZE= 128
- VECTOR_U_COMPRESSION_FACTOR= 10
- VECTOR_V_COMPRESSION_FACTOR= 4
- VECTOR_U_BLOCK_LEN= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128

Encapsulation against an unpacked public key. `randomness` is read as a
32-byte array; it is hashed together with the stored public-key hash and is
also passed as the message to the CPA encryption. Returns a tuple holding the
1088-byte ciphertext (`fst`) and the 32-byte shared secret (`snd`).

The function draws no randomness of its own, so the output is a function of
`randomness` and the public key; the caller has to supply fresh random bytes
for every call.

NOTE(review): `hashed`, `shared_secret_array` and
`copy_of_shared_secret_array` hold the shared secret on the stack and are not
cleared before return.
*/
static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    uint8_t *randomness) {
  uint8_t hashed[64U];
  libcrux_ml_kem_ind_cca_unpacked_encaps_prepare_9c(
      Eurydice_array_to_slice((size_t)32U, randomness, uint8_t),
      Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash,
                              uint8_t),
      hashed);
  /* Split the 64-byte hash into the shared secret and the encryption
     randomness. */
  Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice shared_secret = uu____0.fst;
  Eurydice_slice pseudorandomness = uu____0.snd;
  uint8_t ciphertext[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(&public_key->ind_cpa_public_key,
                                             randomness, pseudorandomness,
                                             ciphertext);
  uint8_t shared_secret_array[32U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t),
      shared_secret, uint8_t);
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_ciphertext[1088U];
  memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
  libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____2 =
      libcrux_ml_kem_types_from_e0_80(copy_of_ciphertext);
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_shared_secret_array[32U];
  memcpy(copy_of_shared_secret_array, shared_secret_array,
         (size_t)32U * sizeof(uint8_t));
  tuple_c2 lit;
  lit.fst = uu____2;
  memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
  return lit;
}

/**
Unpacked encapsulate
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.encapsulate with const
generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- PUBLIC_KEY_SIZE= 1184
- T_AS_NTT_ENCODED_SIZE= 1152
- C1_SIZE= 960
- C2_SIZE= 128
- VECTOR_U_COMPRESSION_FACTOR= 10
- VECTOR_V_COMPRESSION_FACTOR= 4
- VECTOR_U_BLOCK_LEN= 320
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128

Forwards to libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c.
*/
static KRML_MUSTINLINE tuple_c2
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    uint8_t *randomness) {
  return libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(public_key, randomness);
}

/**
Encapsulate ML-KEM 768 (unpacked)

Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
The input is a reference to an unpacked public key of type
[`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
[`SHARED_SECRET_SIZE`] bytes of `randomness`.
*/
/* Takes two arguments; the public-key hash is read from
   `public_key->public_key_hash` further down the call chain rather than being
   passed separately. */
static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    uint8_t randomness[32U]) {
  return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd(
      public_key, randomness);
}

/**
This function found in impl {core::ops::function::FnMut<(usize),
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]> for
libcrux_ml_kem::ind_cca::unpacked::transpose_a::closure::closure<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.transpose_a.closure.call_mut_b4 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3

Array-initializer closure: both parameters are ignored and the value of
libcrux_ml_kem_polynomial_ZERO_d6_ea() is returned.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_call_mut_b4_1b(
    void **_, size_t tupled_args) {
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}

/**
This function found in impl {core::ops::function::FnMut<(usize),
@Array<libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1], K>> for
libcrux_ml_kem::ind_cca::unpacked::transpose_a::closure<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.transpose_a.call_mut_7b with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3

Fills the 3-element row `ret` with the inner closure's value; `_` and
`tupled_args` are not read.
*/
static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_call_mut_7b_1b(
    void **_, size_t tupled_args,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    ret[i] = libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_call_mut_b4_1b(
        &lvalue, i);
  }
}

/**
This function found in impl {core::clone::Clone for
libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@2]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.clone_c1
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

Returns a by-value copy of `*self`: the 16 coefficient vectors are cloned
into a temporary and then copied into the result.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_clone_c1_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit;
  libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)16U, self->coefficients, ret,
      libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *);
  memcpy(lit.coefficients, ret,
         (size_t)16U *
             sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector));
  return lit;
}

/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.transpose_a
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

Writes the transpose of the 3x3 matrix `ind_cpa_a` to `ret`:
ret[i][j] = ind_cpa_a[j][i]. The result is built in a local matrix first.
*/
static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ind_cpa_a[3U][3U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
  /* Initialize every row of A through the closure above. */
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    libcrux_ml_kem_ind_cca_unpacked_transpose_a_call_mut_7b_1b(&lvalue, i,
                                                               A[i]);
  }
  for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
    size_t i0 = i;
    /* _a_i is a snapshot of A that is not read again in this function. */
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d _a_i[3U][3U];
    memcpy(_a_i, A,
           (size_t)3U *
               sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
    for (size_t i1 = (size_t)0U; i1 < (size_t)3U; i1++) {
      size_t j = i1;
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 =
          libcrux_ml_kem_polynomial_clone_c1_ea(&ind_cpa_a[j][i0]);
      A[i0][j] = uu____0;
    }
  }
  memcpy(ret, A,
         (size_t)3U *
             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
}

/**
Generate Unpacked Keys
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
libcrux_ml_kem_variant_MlKem with const generics
- K= 3
- CPA_PRIVATE_KEY_SIZE= 1152
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128

Derives an unpacked key pair from 64 bytes of caller-supplied `randomness`
and writes it to `*out`. The bytes before
CPA_PKE_KEY_GENERATION_SEED_SIZE seed the CPA key generation; the bytes from
that offset onward become the implicit rejection value. The stored matrix A
is replaced by its transpose, and the public-key hash is computed with H over
the serialized public key.

The function draws no randomness of its own, so the key pair is a function of
`randomness`.

NOTE(review): `uu____3` holds a copy of the implicit rejection value and is
not cleared before return.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(
    uint8_t randomness[64U],
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
  Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice3(
      randomness, (size_t)0U,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *);
  Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
      (size_t)64U, randomness,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
      size_t, uint8_t[]);
  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
      ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
      &out->public_key.ind_cpa_public_key);
  /* Transpose A through temporaries and store it back into the public key. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U][3U];
  memcpy(uu____0, out->public_key.ind_cpa_public_key.A,
         (size_t)3U *
             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
  libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(uu____0, A);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1[3U][3U];
  memcpy(uu____1, A,
         (size_t)3U *
             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
  memcpy(out->public_key.ind_cpa_public_key.A, uu____1,
         (size_t)3U *
             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
  /* public_key_hash = H(serialized public key). */
  uint8_t pk_serialized[1184U];
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(
      out->public_key.ind_cpa_public_key.t_as_ntt,
      Eurydice_array_to_slice(
          (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
      pk_serialized);
  uint8_t uu____2[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2);
  memcpy(out->public_key.public_key_hash, uu____2,
         (size_t)32U * sizeof(uint8_t));
  /* Convert the trailing slice to a 32-byte array. unwrap_26_b3 is defined
     outside this section; presumably it terminates on a failed conversion. */
  uint8_t uu____3[32U];
  Result_fb dst;
  Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice,
                           uint8_t[32U], TryFromSliceError);
  unwrap_26_b3(dst, uu____3);
  memcpy(out->private_key.implicit_rejection_value, uu____3,
         (size_t)32U * sizeof(uint8_t));
}

/**
Generate a key pair
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with
const generics
- K= 3
- CPA_PRIVATE_KEY_SIZE= 1152
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128

NOTE(review): `copy_of_randomness` is a second stack copy of the key seed and
is not cleared before return.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ce(
    uint8_t randomness[64U],
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_randomness[64U];
  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(copy_of_randomness, out);
}

/**
Generate ML-KEM 768 Key Pair in "unpacked" form.

Writes the key pair derived from the 64-byte `randomness` into `*key_pair`.

NOTE(review): `copy_of_randomness` is a stack copy of the key seed and is not
cleared before return.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(
    uint8_t randomness[64U],
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_randomness[64U];
  memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ce(
      copy_of_randomness, key_pair);
}

/**
This function found in impl {core::default::Default for
libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_30
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

Returns an unpacked public key holding the default CPA public key and an
all-zero public-key hash.
*/
static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cca_unpacked_default_30_1b(void) {
  return (
      KRML_CLITERAL(libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0){
          .ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(),
          .public_key_hash = {0U}});
}

/**
This function found in impl {core::default::Default for
libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_7b
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const
generics
- K= 3
*/
/* Returns a key pair holding the default CPA private key, an all-zero
   implicit rejection value and the default unpacked public key. This is a
   placeholder value, not a usable key. */
static KRML_MUSTINLINE
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
    libcrux_ml_kem_ind_cca_unpacked_default_7b_1b(void) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0 = {
      .ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(),
      .implicit_rejection_value = {0U}};
  return (KRML_CLITERAL(
      libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){
      .private_key = uu____0,
      .public_key = libcrux_ml_kem_ind_cca_unpacked_default_30_1b()});
}

/**
Generate ML-KEM 768 Key Pair in "unpacked" form.

Returns the key pair by value, derived from the 64-byte `randomness`.

NOTE(review): `uu____0` is a stack copy of the key seed and the local
`key_pair` holds the private key; neither is cleared before return.
*/
static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
    uint8_t randomness[64U]) {
  libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair =
      libcrux_ml_kem_ind_cca_unpacked_default_7b_1b();
  uint8_t uu____0[64U];
  memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t));
  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(uu____0,
                                                                  &key_pair);
  return key_pair;
}

/**
Create a new, empty unpacked key.

Returns the default key pair; it has to be filled in (for example by
libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut) before use.
*/
static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
  return libcrux_ml_kem_ind_cca_unpacked_default_7b_1b();
}

/**
Create a new, empty unpacked public key.
*/
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
  return libcrux_ml_kem_ind_cca_unpacked_default_30_1b();
}

/**
Take a serialized private key and generate an unpacked key pair from it.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- SECRET_KEY_SIZE= 2400
- CPA_SECRET_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
- T_AS_NTT_ENCODED_SIZE= 1152

Splits the 2400-byte serialized key into its four parts and fills
`*key_pair` from them.

No validation happens here: the public-key hash stored in the serialized key
is copied into `key_pair->public_key.public_key_hash` without being
recomputed.

NOTE(review): for keys loaded from storage, confirm that callers run
libcrux_ml_kem_mlkem768_portable_validate_private_key_only first, since that
hash later feeds the decapsulation hash input.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  Eurydice_slice_uint8_t_x4 uu____0 =
      libcrux_ml_kem_types_unpack_private_key_b4(
          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
  Eurydice_slice ind_cpa_secret_key = uu____0.fst;
  Eurydice_slice ind_cpa_public_key = uu____0.snd;
  Eurydice_slice ind_cpa_public_key_hash = uu____0.thd;
  Eurydice_slice implicit_rejection_value = uu____0.f3;
  libcrux_ml_kem_ind_cpa_deserialize_vector_1b(
      ind_cpa_secret_key,
      key_pair->private_key.ind_cpa_private_key.secret_as_ntt);
  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
      ind_cpa_public_key, &key_pair->public_key.ind_cpa_public_key);
  /* Stored hash is taken as-is. */
  Eurydice_slice_copy(
      Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash,
                              uint8_t),
      ind_cpa_public_key_hash, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_slice(
          (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
      implicit_rejection_value, uint8_t);
  /* seed_for_A is the public-key slice from byte 1152 onward. */
  Eurydice_slice_copy(
      Eurydice_array_to_slice(
          (size_t)32U, key_pair->public_key.ind_cpa_public_key.seed_for_A,
          uint8_t),
      Eurydice_slice_subslice_from(ind_cpa_public_key, (size_t)1152U, uint8_t,
                                   size_t, uint8_t[]),
      uint8_t);
}

/**
Take a serialized private key and generate an unpacked key pair from it.
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.keypair_from_private_key
with const generics
- K= 3
- SECRET_KEY_SIZE= 2400
- CPA_SECRET_KEY_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184
- T_AS_NTT_ENCODED_SIZE= 1152

Forwards to libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_fd(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42(private_key,
                                                           key_pair);
}

/**
Get an unpacked key from a private key.

Fills `*key_pair` from the serialized `private_key`. This wrapper and the two
functions it reaches in this file perform no validation of the serialized
key.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_from_private_mut(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_fd(
      private_key, key_pair);
}

/**
This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- CPA_PRIVATE_KEY_SIZE= 1152
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184

Serializes the unpacked key pair `*self` into `serialized->value`: the CPA
secret and public keys are serialized first, then combined with the implicit
rejection value by libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6.

NOTE(review): `uu____0` and `ind_cpa_private_key` hold the serialized secret
key on the stack and are not cleared before return.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
  libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
      libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(
          &self->public_key.ind_cpa_public_key,
          &self->private_key.ind_cpa_private_key);
  uint8_t ind_cpa_private_key[1152U];
  memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
  uint8_t ind_cpa_public_key[1184U];
  memcpy(ind_cpa_public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
      Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
      Eurydice_array_to_slice((size_t)1184U, ind_cpa_public_key, uint8_t),
      Eurydice_array_to_slice(
          (size_t)32U, self->private_key.implicit_rejection_value, uint8_t),
      serialized->value);
}

/**
This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- CPA_PRIVATE_KEY_SIZE= 1152
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184

By-value variant: starts from the default private key, fills it through the
`_mut` routine above and returns it.
*/
static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk =
      libcrux_ml_kem_types_default_d3_28();
  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(self, &sk);
  return sk;
}

/**
Get the serialized private key.
*/
/* By-value variant: forwards key_pair to
   libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43 and returns
   its result. The returned struct is private key material. */
static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  return libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43(key_pair);
}

/**
 Get the serialized private key.

 In-place variant: the serialized private key of key_pair is written into
 *serialized, a buffer owned by the caller.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key_mut(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(key_pair,
                                                                   serialized);
}

/**
This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_dd
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

Serializes the unpacked public key self: t_as_ntt and the 32-byte seed_for_A
are passed to libcrux_ml_kem_ind_cpa_serialize_public_key_89, which fills the
1184-byte local ret; ret is then wrapped by libcrux_ml_kem_types_from_fd_d0
and returned by value.
*/
static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
libcrux_ml_kem_ind_cca_unpacked_serialized_dd_89(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
  uint8_t ret[1184U];
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(
      self->ind_cpa_public_key.t_as_ntt,
      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                              uint8_t),
      ret);
  return libcrux_ml_kem_types_from_fd_d0(ret);
}

/**
This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

Returns the serialized form of the public half of the key pair self by
forwarding &self->public_key to
libcrux_ml_kem_ind_cca_unpacked_serialized_dd_89.
*/
static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
  return libcrux_ml_kem_ind_cca_unpacked_serialized_dd_89(&self->public_key);
}

/**
 Get the serialized public key.

 By-value variant: forwards key_pair to
 libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89 and returns its
 result.
*/
static inline libcrux_ml_kem_types_MlKemPublicKey_30
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  return libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89(key_pair);
}

/**
This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_mut_dd
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

In-place serialization of the unpacked public key self: t_as_ntt and the
32-byte seed_for_A are passed to
libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89, which writes into
serialized->value.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(
      self->ind_cpa_public_key.t_as_ntt,
      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                              uint8_t),
      serialized->value);
}

/**
This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

Writes the serialized public half of the key pair self into *serialized by
forwarding &self->public_key to
libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_11_89(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(&self->public_key,
                                                       serialized);
}

/**
 Get the serialized public key.

 In-place variant: the serialized public key of key_pair is written into
 *serialized, a buffer owned by the caller.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key_mut(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_11_89(key_pair,
                                                                  serialized);
}

/**
This function found in impl {core::clone::Clone for
libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@2]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_91
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

Returns a copy of self by value. Each array member (t_as_ntt, seed_for_A, A)
is cloned into a local temporary and then copied with memcpy into the result
lit.

NOTE(review): lit is declared without an initializer and only these three
members are written; presumably the struct has no other members. Confirm
against its definition.
*/
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) {
  /* t_as_ntt: 3 ring elements. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)3U, self->t_as_ntt, uu____0,
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *);
  /* seed_for_A: 32 bytes. */
  uint8_t uu____1[32U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *);
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit;
  memcpy(
      lit.t_as_ntt, uu____0,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
  memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t));
  /* A: 3 rows of 3 ring elements, cloned row-wise. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)3U, self->A, ret,
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *);
  memcpy(lit.A, ret,
         (size_t)3U *
             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
  return lit;
}

/**
This function found in impl {core::clone::Clone for
libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@2]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_d7
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

Returns a copy of self by value: ind_cpa_public_key is cloned with
libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b and the 32-byte public_key_hash
is cloned into a temporary and copied into the result.
*/
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cca_unpacked_clone_d7_1b(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
  lit.ind_cpa_public_key =
      libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b(&self->ind_cpa_public_key);
  uint8_t ret[32U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)32U, self->public_key_hash, ret, uint8_t, void *);
  memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t));
  return lit;
}

/**
This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_11
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

Returns a pointer to the public key embedded in self. The pointer aliases
self and is not a copy.
*/
static KRML_MUSTINLINE
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
    libcrux_ml_kem_ind_cca_unpacked_public_key_11_1b(
        libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
  return &self->public_key;
}

/**
 Get the unpacked public key.

 Clones the public half of key_pair and stores the clone in *pk, so the
 result does not alias key_pair.
*/
static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 =
      libcrux_ml_kem_ind_cca_unpacked_clone_d7_1b(
          libcrux_ml_kem_ind_cca_unpacked_public_key_11_1b(key_pair));
  pk[0U] = uu____0;
}

/**
 Get the serialized public key.

 Serializes the unpacked public_key into *serialized by forwarding to
 libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(public_key, serialized);
}

/**
 Generate an unpacked key from a serialized key.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key
with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- T_AS_NTT_ENCODED_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184

Fills unpacked_public_key from the 1184-byte serialized public_key: the first
1152 bytes are decoded into t_as_ntt, the bytes from offset 1152 onward
become seed_for_A and also seed the sampling of the matrix A, and
public_key_hash is set to the hash H of the serialized key.

NOTE(review): no validity check of the encoded key is visible in this
function; the decoder's name suggests coefficients are reduced rather than
rejected, while the hash is taken over the bytes as received. Confirm that
keys supplied by a peer go through the public-key validation routine before
they are unpacked.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
        *unpacked_public_key) {
  /* Bytes [0, 1152): the encoded vector t. */
  Eurydice_slice uu____0 =
      Eurydice_array_to_subslice_to((size_t)1184U, public_key->value,
                                    (size_t)1152U, uint8_t, size_t, uint8_t[]);
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
      uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
  /* Bytes [1152, 1184): the seed, copied out through a 32-byte temporary. */
  uint8_t uu____1[32U];
  libcrux_ml_kem_utils_into_padded_array_9e(
      Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                      (size_t)1152U, uint8_t, size_t,
                                      uint8_t[]),
      uu____1);
  memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1,
         (size_t)32U * sizeof(uint8_t));
  /* uu____2 points at the A matrix inside the output, so sampling writes
     straight into unpacked_public_key. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____2)[3U] =
      unpacked_public_key->ind_cpa_public_key.A;
  /* Same seed bytes placed in a 34-byte buffer for the sampler. The meaning
     of the final false argument is not visible here; presumably it selects
     the non-transposed matrix. TODO confirm. */
  uint8_t ret[34U];
  libcrux_ml_kem_utils_into_padded_array_b6(
      Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                      (size_t)1152U, uint8_t, size_t,
                                      uint8_t[]),
      ret);
  libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____2, ret, false);
  /* Hash of the whole 1184-byte serialized key. */
  uint8_t uu____3[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_slice((size_t)1184U,
                              libcrux_ml_kem_types_as_slice_e6_d0(public_key),
                              uint8_t),
      uu____3);
  memcpy(unpacked_public_key->public_key_hash, uu____3,
         (size_t)32U * sizeof(uint8_t));
}

/**
 Get the unpacked public key.
*/
/**
A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.unpack_public_key with
const generics
- K= 3
- T_AS_NTT_ENCODED_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184

Forwards both arguments unchanged to
libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a; unpacked_public_key is
the output.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_31(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
        *unpacked_public_key) {
  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a(public_key,
                                                       unpacked_public_key);
}

/**
 Get the unpacked public key.

 Thin wrapper over the portable instantiation: public_key is read and
 unpacked_public_key is written. No validation of public_key happens in this
 wrapper.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
        *unpacked_public_key) {
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_31(
      public_key, unpacked_public_key);
}

/* Closing brace for C++ builds; presumably it ends an extern "C" block opened
   earlier in the header. */
#if defined(__cplusplus)
}
#endif

#define libcrux_mlkem768_portable_H_DEFINED
#endif /* libcrux_mlkem768_portable_H */


/* rename some types to be a bit more ergonomic */
#define libcrux_mlkem768_keypair libcrux_ml_kem_mlkem768_MlKem768KeyPair_s
#define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_30_s
#define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_d9_s
#define libcrux_mlkem768_ciphertext libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s
#define libcrux_mlkem768_enc_result tuple_c2_s
/* defines for PRNG inputs */
/* NOTE(review): presumably the number of random bytes a caller supplies to
   key-pair generation (64) and to encapsulation (32); these bytes need to come
   from a cryptographically secure generator. Confirm at the call sites. */
#define LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN 64U
#define LIBCRUX_ML_KEM_ENC_PRNG_LEN 32