1 /* $OpenBSD: libcrux_mlkem768_sha3.h,v 1.2 2024/10/27 02:06:01 djm Exp $ */
2
3 /* Extracted from libcrux revision 84c5d87b3092c59294345aa269ceefe0eb97cc35 */
4
5 /*
6 * MIT License
7 *
8 * Copyright (c) 2024 Cryspen
9 *
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
16 *
17 * The above copyright notice and this permission notice shall be included in all
18 * copies or substantial portions of the Software.
19 *
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
26 * SOFTWARE.
27 */
28
29 #if !defined(__GNUC__) || (__GNUC__ < 2)
30 # define __attribute__(x)
31 #endif
32 #define KRML_MUSTINLINE inline
33 #define KRML_NOINLINE __attribute__((noinline, unused))
34 #define KRML_HOST_EPRINTF(...)
35 #define KRML_HOST_EXIT(x) fatal_f("internal error")
36
37 /* from libcrux/libcrux-ml-kem/cg/eurydice_glue.h */
38 /*
39 * SPDX-FileCopyrightText: 2024 Eurydice Contributors
40 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
41 *
42 * SPDX-License-Identifier: MIT or Apache-2.0
43 */
44
45 #pragma once
46
47 #if defined(__cplusplus)
48 extern "C" {
49 #endif
50
51
52
53 // SLICES, ARRAYS, ETC.
54
55 // The MSVC C++ compiler does not support compound literals.
56 // This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++
57 // compiler.
58 #if defined(__cplusplus)
59 #define CLITERAL(type) type
60 #else
61 #define CLITERAL(type) (type)
62 #endif
63
64 // We represent a slice as a pair of an (untyped) pointer, along with the length
65 // of the slice, i.e. the number of elements in the slice (this is NOT the
66 // number of bytes). This design choice has two important consequences.
67 // - if you need to use `ptr`, you MUST cast it to a proper type *before*
68 // performing pointer
69 // arithmetic on it (remember that C desugars pointer arithmetic based on the
70 // type of the address)
71 // - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you
72 // need to multiply it
73 // by sizeof t, where t is the type of the elements.
74 //
75 // Empty slices have `len == 0` and `ptr` always needs to be valid pointer that
76 // is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL +
77 // start`).
78 typedef struct {
79 void *ptr;
80 size_t len;
81 } Eurydice_slice;
82
83 // Helper macro to create a slice out of a pointer x, a start index in x
84 // (included), and an end index in x (excluded). The argument x must be suitably
85 // cast to something that can decay (see remark above about how pointer
86 // arithmetic works in C), meaning either pointer or array type.
87 #define EURYDICE_SLICE(x, start, end) \
88 (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start})
89 #define EURYDICE_SLICE_LEN(s, _) s.len
90 // This macro is a pain because in case the dereferenced element type is an
91 // array, you cannot simply write `t x` as it would yield `int[4] x` instead,
92 // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
93 // adds an extra argument to this macro at the last minute so that we have the
94 // correct type of *pointers* to elements.
95 #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
96 #define Eurydice_slice_subslice(s, r, t, _) \
97 EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
98 // Variant for when the start and end indices are statically known (i.e., the
99 // range argument `r` is a literal).
100 #define Eurydice_slice_subslice2(s, start, end, t) \
101 EURYDICE_SLICE((t *)s.ptr, start, end)
102 #define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
103 EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
104 #define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
105 EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
106 #define Eurydice_array_to_slice(end, x, t) \
107 EURYDICE_SLICE(x, 0, \
108 end) /* x is already at an array type, no need for cast */
109 #define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
110 EURYDICE_SLICE((t *)x, r.start, r.end)
111 // Same as above, variant for when start and end are statically known
112 #define Eurydice_array_to_subslice2(x, start, end, t) \
113 EURYDICE_SLICE((t *)x, start, end)
114 #define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
115 EURYDICE_SLICE((t *)x, 0, r)
116 #define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
117 EURYDICE_SLICE((t *)x, r, size)
118 #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
119 #define Eurydice_slice_copy(dst, src, t) \
120 memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
121 #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
122 ((Eurydice_slice){.ptr = ptr_, .len = len_})
123
124 #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
125 len, src, dst, elem_type, _ret_t) \
126 (memcpy(dst, src, len * sizeof(elem_type)))
127 #define TryFromSliceError uint8_t
128
129 #define Eurydice_array_eq(sz, a1, a2, t, _) \
130 (memcmp(a1, a2, sz * sizeof(t)) == 0)
131 #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
132 sz, a1, a2, t, _, _ret_t) \
133 Eurydice_array_eq(sz, a1, a2, t, _)
134 #define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \
135 sz, a1, a2, t, _, _ret_t) \
136 Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)
137
138 #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
139 (CLITERAL(ret_t){ \
140 .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \
141 .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
142 #define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
143 (CLITERAL(ret_t){ \
144 .fst = {.ptr = slice.ptr, .len = mid}, \
145 .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
146 .len = slice.len - mid}})
147
148 // Conversion of slice to an array, rewritten (by Eurydice) to name the
149 // destination array, since arrays are not values in C.
150 // N.B.: see note in karamel/lib/Inlining.ml if you change this.
151 #define Eurydice_slice_to_array2(dst, src, _, t_arr) \
152 Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
153 sizeof(t_arr))
154
Eurydice_slice_to_array3(uint8_t * dst_tag,char * dst_ok,Eurydice_slice src,size_t sz)155 static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
156 Eurydice_slice src, size_t sz) {
157 *dst_tag = 0;
158 memcpy(dst_ok, src.ptr, sz);
159 }
160
161 // CORE STUFF (conversions, endianness, ...)
162
core_num__u64_9__to_le_bytes(uint64_t v,uint8_t buf[8])163 static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {
164 v = htole64(v);
165 memcpy(buf, &v, sizeof(v));
166 }
core_num__u64_9__from_le_bytes(uint8_t buf[8])167 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
168 uint64_t v;
169 memcpy(&v, buf, sizeof(v));
170 return le64toh(v);
171 }
172
core_num__u32_8__from_le_bytes(uint8_t buf[4])173 static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
174 uint32_t v;
175 memcpy(&v, buf, sizeof(v));
176 return le32toh(v);
177 }
178
core_num__u8_6__count_ones(uint8_t x0)179 static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) {
180 #ifdef _MSC_VER
181 return __popcnt(x0);
182 #else
183 return __builtin_popcount(x0);
184 #endif
185 }
186
187 // unsigned overflow wraparound semantics in C
core_num__u16_7__wrapping_add(uint16_t x,uint16_t y)188 static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) {
189 return x + y;
190 }
core_num__u8_6__wrapping_sub(uint8_t x,uint8_t y)191 static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
192 return x - y;
193 }
194
195 // ITERATORS
196
197 #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
198 (((iter_ptr)->start == (iter_ptr)->end) \
199 ? (CLITERAL(ret_t){.tag = None}) \
200 : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))
201
202 #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \
203 Eurydice_range_iter_next
204
205 // See note in karamel/lib/Inlining.ml if you change this
206 #define Eurydice_into_iter(x, t, _ret_t) (x)
207 #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \
208 Eurydice_into_iter
209
210 #if defined(__cplusplus)
211 }
212 #endif
213
214 /* from libcrux/libcrux-ml-kem/cg/libcrux_core.h */
215 /*
216 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
217 *
218 * SPDX-License-Identifier: MIT or Apache-2.0
219 *
220 * This code was generated with the following revisions:
221 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
222 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
223 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
224 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
225 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
226 */
227
228 #ifndef __libcrux_core_H
229 #define __libcrux_core_H
230
231 #if defined(__cplusplus)
232 extern "C" {
233 #endif
234
235
236 /**
237 A monomorphic instance of core.ops.range.Range
238 with types size_t
239
240 */
241 typedef struct core_ops_range_Range_b3_s {
242 size_t start;
243 size_t end;
244 } core_ops_range_Range_b3;
245
246 #define Ok 0
247 #define Err 1
248
249 typedef uint8_t Result_86_tags;
250
251 #define None 0
252 #define Some 1
253
254 typedef uint8_t Option_ef_tags;
255
256 /**
257 A monomorphic instance of core.option.Option
258 with types size_t
259
260 */
261 typedef struct Option_b3_s {
262 Option_ef_tags tag;
263 size_t f0;
264 } Option_b3;
265
266 static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1);
267
268 #define CORE_NUM__U32_8__BITS (32U)
269
270 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]);
271
272 static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]);
273
274 static inline uint32_t core_num__u8_6__count_ones(uint8_t x0);
275
276 static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1);
277
278 #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U)
279
280 #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U)
281
282 #define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U)
283
284 #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \
285 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U)
286
287 #define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \
288 (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)
289
290 #define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U)
291
292 #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U)
293
294 typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s {
295 uint8_t fst[1152U];
296 uint8_t snd[1184U];
297 } libcrux_ml_kem_utils_extraction_helper_Keypair768;
298
299 /**
300 A monomorphic instance of core.result.Result
301 with types uint8_t[24size_t], core_array_TryFromSliceError
302
303 */
304 typedef struct Result_6f_s {
305 Result_86_tags tag;
306 union {
307 uint8_t case_Ok[24U];
308 TryFromSliceError case_Err;
309 } val;
310 } Result_6f;
311
312 /**
313 This function found in impl {core::result::Result<T, E>}
314 */
315 /**
316 A monomorphic instance of core.result.unwrap_41
317 with types uint8_t[24size_t], core_array_TryFromSliceError
318
319 */
unwrap_41_1c(Result_6f self,uint8_t ret[24U])320 static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) {
321 if (self.tag == Ok) {
322 uint8_t f0[24U];
323 memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));
324 memcpy(ret, f0, (size_t)24U * sizeof(uint8_t));
325 } else {
326 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
327 "unwrap not Ok");
328 KRML_HOST_EXIT(255U);
329 }
330 }
331
332 /**
333 A monomorphic instance of core.result.Result
334 with types uint8_t[20size_t], core_array_TryFromSliceError
335
336 */
337 typedef struct Result_7a_s {
338 Result_86_tags tag;
339 union {
340 uint8_t case_Ok[20U];
341 TryFromSliceError case_Err;
342 } val;
343 } Result_7a;
344
345 /**
346 This function found in impl {core::result::Result<T, E>}
347 */
348 /**
349 A monomorphic instance of core.result.unwrap_41
350 with types uint8_t[20size_t], core_array_TryFromSliceError
351
352 */
unwrap_41_34(Result_7a self,uint8_t ret[20U])353 static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) {
354 if (self.tag == Ok) {
355 uint8_t f0[20U];
356 memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t));
357 memcpy(ret, f0, (size_t)20U * sizeof(uint8_t));
358 } else {
359 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
360 "unwrap not Ok");
361 KRML_HOST_EXIT(255U);
362 }
363 }
364
365 /**
366 A monomorphic instance of core.result.Result
367 with types uint8_t[10size_t], core_array_TryFromSliceError
368
369 */
370 typedef struct Result_cd_s {
371 Result_86_tags tag;
372 union {
373 uint8_t case_Ok[10U];
374 TryFromSliceError case_Err;
375 } val;
376 } Result_cd;
377
378 /**
379 This function found in impl {core::result::Result<T, E>}
380 */
381 /**
382 A monomorphic instance of core.result.unwrap_41
383 with types uint8_t[10size_t], core_array_TryFromSliceError
384
385 */
unwrap_41_e8(Result_cd self,uint8_t ret[10U])386 static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) {
387 if (self.tag == Ok) {
388 uint8_t f0[10U];
389 memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t));
390 memcpy(ret, f0, (size_t)10U * sizeof(uint8_t));
391 } else {
392 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
393 "unwrap not Ok");
394 KRML_HOST_EXIT(255U);
395 }
396 }
397
398 typedef struct Eurydice_slice_uint8_t_4size_t__x2_s {
399 Eurydice_slice fst[4U];
400 Eurydice_slice snd[4U];
401 } Eurydice_slice_uint8_t_4size_t__x2;
402
403 typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {
404 uint8_t value[1088U];
405 } libcrux_ml_kem_mlkem768_MlKem768Ciphertext;
406
407 /**
408 A reference to the raw byte slice.
409 */
410 /**
411 This function found in impl {libcrux_ml_kem::types::MlKemCiphertext<SIZE>#6}
412 */
413 /**
414 A monomorphic instance of libcrux_ml_kem.types.as_slice_d4
415 with const generics
416 - SIZE= 1088
417 */
libcrux_ml_kem_types_as_slice_d4_1d(libcrux_ml_kem_mlkem768_MlKem768Ciphertext * self)418 static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d(
419 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
420 return self->value;
421 }
422
423 /**
424 A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
425 with const generics
426 - $1184size_t
427 */
428 typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s {
429 uint8_t value[1184U];
430 } libcrux_ml_kem_types_MlKemPublicKey_15;
431
432 /**
433 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
434 libcrux_ml_kem::types::MlKemPublicKey<SIZE>)#14}
435 */
436 /**
437 A monomorphic instance of libcrux_ml_kem.types.from_b6
438 with const generics
439 - SIZE= 1184
440 */
441 static inline libcrux_ml_kem_types_MlKemPublicKey_15
libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U])442 libcrux_ml_kem_types_from_b6_da(uint8_t value[1184U]) {
443 /* Passing arrays by value in Rust generates a copy in C */
444 uint8_t copy_of_value[1184U];
445 memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
446 libcrux_ml_kem_types_MlKemPublicKey_15 lit;
447 memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t));
448 return lit;
449 }
450
451 /**
452 A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
453 with const generics
454 - $2400size_t
455 */
456 typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s {
457 uint8_t value[2400U];
458 } libcrux_ml_kem_types_MlKemPrivateKey_55;
459
460 typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
461 libcrux_ml_kem_types_MlKemPrivateKey_55 sk;
462 libcrux_ml_kem_types_MlKemPublicKey_15 pk;
463 } libcrux_ml_kem_mlkem768_MlKem768KeyPair;
464
465 /**
466 Create a new [`MlKemKeyPair`] from the secret and public key.
467 */
468 /**
469 This function found in impl
470 {libcrux_ml_kem::types::MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>}
471 */
472 /**
473 A monomorphic instance of libcrux_ml_kem.types.from_17
474 with const generics
475 - PRIVATE_KEY_SIZE= 2400
476 - PUBLIC_KEY_SIZE= 1184
477 */
478 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,libcrux_ml_kem_types_MlKemPublicKey_15 pk)479 libcrux_ml_kem_types_from_17_35(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
480 libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
481 return (
482 CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});
483 }
484
485 /**
486 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
487 libcrux_ml_kem::types::MlKemPrivateKey<SIZE>)#8}
488 */
489 /**
490 A monomorphic instance of libcrux_ml_kem.types.from_05
491 with const generics
492 - SIZE= 2400
493 */
494 static inline libcrux_ml_kem_types_MlKemPrivateKey_55
libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U])495 libcrux_ml_kem_types_from_05_f2(uint8_t value[2400U]) {
496 /* Passing arrays by value in Rust generates a copy in C */
497 uint8_t copy_of_value[2400U];
498 memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
499 libcrux_ml_kem_types_MlKemPrivateKey_55 lit;
500 memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t));
501 return lit;
502 }
503
504 /**
505 A monomorphic instance of core.result.Result
506 with types uint8_t[32size_t], core_array_TryFromSliceError
507
508 */
509 typedef struct Result_00_s {
510 Result_86_tags tag;
511 union {
512 uint8_t case_Ok[32U];
513 TryFromSliceError case_Err;
514 } val;
515 } Result_00;
516
517 /**
518 This function found in impl {core::result::Result<T, E>}
519 */
520 /**
521 A monomorphic instance of core.result.unwrap_41
522 with types uint8_t[32size_t], core_array_TryFromSliceError
523
524 */
unwrap_41_83(Result_00 self,uint8_t ret[32U])525 static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) {
526 if (self.tag == Ok) {
527 uint8_t f0[32U];
528 memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));
529 memcpy(ret, f0, (size_t)32U * sizeof(uint8_t));
530 } else {
531 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
532 "unwrap not Ok");
533 KRML_HOST_EXIT(255U);
534 }
535 }
536
537 /**
538 A monomorphic instance of K.
539 with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],
540 uint8_t[32size_t]
541
542 */
543 typedef struct tuple_3c_s {
544 libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst;
545 uint8_t snd[32U];
546 } tuple_3c;
547
548 /**
549 This function found in impl {(core::convert::From<@Array<u8, SIZE>> for
550 libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#2}
551 */
552 /**
553 A monomorphic instance of libcrux_ml_kem.types.from_01
554 with const generics
555 - SIZE= 1088
556 */
557 static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U])558 libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) {
559 /* Passing arrays by value in Rust generates a copy in C */
560 uint8_t copy_of_value[1088U];
561 memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
562 libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit;
563 memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t));
564 return lit;
565 }
566
567 /**
568 A reference to the raw byte slice.
569 */
570 /**
571 This function found in impl {libcrux_ml_kem::types::MlKemPublicKey<SIZE>#18}
572 */
573 /**
574 A monomorphic instance of libcrux_ml_kem.types.as_slice_cb
575 with const generics
576 - SIZE= 1184
577 */
libcrux_ml_kem_types_as_slice_cb_50(libcrux_ml_kem_types_MlKemPublicKey_15 * self)578 static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_50(
579 libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
580 return self->value;
581 }
582
583 /**
584 Pad the `slice` with `0`s at the end.
585 */
586 /**
587 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
588 with const generics
589 - LEN= 33
590 */
libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice,uint8_t ret[33U])591 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2(
592 Eurydice_slice slice, uint8_t ret[33U]) {
593 uint8_t out[33U] = {0U};
594 uint8_t *uu____0 = out;
595 Eurydice_slice_copy(
596 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
597 Eurydice_slice_len(slice, uint8_t), uint8_t),
598 slice, uint8_t);
599 memcpy(ret, out, (size_t)33U * sizeof(uint8_t));
600 }
601
602 /**
603 Pad the `slice` with `0`s at the end.
604 */
605 /**
606 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
607 with const generics
608 - LEN= 34
609 */
libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice,uint8_t ret[34U])610 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1(
611 Eurydice_slice slice, uint8_t ret[34U]) {
612 uint8_t out[34U] = {0U};
613 uint8_t *uu____0 = out;
614 Eurydice_slice_copy(
615 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
616 Eurydice_slice_len(slice, uint8_t), uint8_t),
617 slice, uint8_t);
618 memcpy(ret, out, (size_t)34U * sizeof(uint8_t));
619 }
620
621 /**
622 This function found in impl {(core::convert::AsRef<@Slice<u8>> for
623 libcrux_ml_kem::types::MlKemCiphertext<SIZE>)#1}
624 */
625 /**
626 A monomorphic instance of libcrux_ml_kem.types.as_ref_00
627 with const generics
628 - SIZE= 1088
629 */
libcrux_ml_kem_types_as_ref_00_24(libcrux_ml_kem_mlkem768_MlKem768Ciphertext * self)630 static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_24(
631 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
632 return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
633 }
634
635 /**
636 Pad the `slice` with `0`s at the end.
637 */
638 /**
639 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
640 with const generics
641 - LEN= 1120
642 */
libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice,uint8_t ret[1120U])643 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0(
644 Eurydice_slice slice, uint8_t ret[1120U]) {
645 uint8_t out[1120U] = {0U};
646 uint8_t *uu____0 = out;
647 Eurydice_slice_copy(
648 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
649 Eurydice_slice_len(slice, uint8_t), uint8_t),
650 slice, uint8_t);
651 memcpy(ret, out, (size_t)1120U * sizeof(uint8_t));
652 }
653
654 /**
655 Pad the `slice` with `0`s at the end.
656 */
657 /**
658 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
659 with const generics
660 - LEN= 64
661 */
libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice,uint8_t ret[64U])662 static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea(
663 Eurydice_slice slice, uint8_t ret[64U]) {
664 uint8_t out[64U] = {0U};
665 uint8_t *uu____0 = out;
666 Eurydice_slice_copy(
667 Eurydice_array_to_subslice2(uu____0, (size_t)0U,
668 Eurydice_slice_len(slice, uint8_t), uint8_t),
669 slice, uint8_t);
670 memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
671 }
672
673 /**
674 A monomorphic instance of core.result.Result
675 with types int16_t[16size_t], core_array_TryFromSliceError
676
677 */
678 typedef struct Result_c0_s {
679 Result_86_tags tag;
680 union {
681 int16_t case_Ok[16U];
682 TryFromSliceError case_Err;
683 } val;
684 } Result_c0;
685
686 /**
687 This function found in impl {core::result::Result<T, E>}
688 */
689 /**
690 A monomorphic instance of core.result.unwrap_41
691 with types int16_t[16size_t], core_array_TryFromSliceError
692
693 */
unwrap_41_f9(Result_c0 self,int16_t ret[16U])694 static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) {
695 if (self.tag == Ok) {
696 int16_t f0[16U];
697 memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t));
698 memcpy(ret, f0, (size_t)16U * sizeof(int16_t));
699 } else {
700 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
701 "unwrap not Ok");
702 KRML_HOST_EXIT(255U);
703 }
704 }
705
706 /**
707 A monomorphic instance of core.result.Result
708 with types uint8_t[8size_t], core_array_TryFromSliceError
709
710 */
711 typedef struct Result_56_s {
712 Result_86_tags tag;
713 union {
714 uint8_t case_Ok[8U];
715 TryFromSliceError case_Err;
716 } val;
717 } Result_56;
718
719 /**
720 This function found in impl {core::result::Result<T, E>}
721 */
722 /**
723 A monomorphic instance of core.result.unwrap_41
724 with types uint8_t[8size_t], core_array_TryFromSliceError
725
726 */
unwrap_41_ac(Result_56 self,uint8_t ret[8U])727 static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) {
728 if (self.tag == Ok) {
729 uint8_t f0[8U];
730 memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t));
731 memcpy(ret, f0, (size_t)8U * sizeof(uint8_t));
732 } else {
733 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
734 "unwrap not Ok");
735 KRML_HOST_EXIT(255U);
736 }
737 }
738
739 typedef struct Eurydice_slice_uint8_t_x2_s {
740 Eurydice_slice fst;
741 Eurydice_slice snd;
742 } Eurydice_slice_uint8_t_x2;
743
744 typedef struct Eurydice_slice_uint8_t_1size_t__x2_s {
745 Eurydice_slice fst[1U];
746 Eurydice_slice snd[1U];
747 } Eurydice_slice_uint8_t_1size_t__x2;
748
749 #if defined(__cplusplus)
750 }
751 #endif
752
753 #define __libcrux_core_H_DEFINED
754 #endif
755
756 /* from libcrux/libcrux-ml-kem/cg/libcrux_ct_ops.h */
757 /*
758 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
759 *
760 * SPDX-License-Identifier: MIT or Apache-2.0
761 *
762 * This code was generated with the following revisions:
763 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
764 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
765 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
766 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
767 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
768 */
769
770 #ifndef __libcrux_ct_ops_H
771 #define __libcrux_ct_ops_H
772
773 #if defined(__cplusplus)
774 extern "C" {
775 #endif
776
777
778 /**
779 Return 1 if `value` is not zero and 0 otherwise.
780 */
libcrux_ml_kem_constant_time_ops_inz(uint8_t value)781 static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) {
782 uint16_t value0 = (uint16_t)value;
783 uint16_t result = (((uint32_t)value0 |
784 (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) &
785 0xFFFFU) >>
786 8U &
787 1U;
788 return (uint8_t)result;
789 }
790
791 static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value)792 libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) {
793 return libcrux_ml_kem_constant_time_ops_inz(value);
794 }
795
796 /**
797 Return 1 if the bytes of `lhs` and `rhs` do not exactly
798 match and 0 otherwise.
799 */
libcrux_ml_kem_constant_time_ops_compare(Eurydice_slice lhs,Eurydice_slice rhs)800 static inline uint8_t libcrux_ml_kem_constant_time_ops_compare(
801 Eurydice_slice lhs, Eurydice_slice rhs) {
802 uint8_t r = 0U;
803 for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) {
804 size_t i0 = i;
805 r = (uint32_t)r |
806 ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^
807 (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *));
808 }
809 return libcrux_ml_kem_constant_time_ops_is_non_zero(r);
810 }
811
812 static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(Eurydice_slice lhs,Eurydice_slice rhs)813 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
814 Eurydice_slice lhs, Eurydice_slice rhs) {
815 return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs);
816 }
817
818 /**
819 If `selector` is not zero, return the bytes in `rhs`; return the bytes in
820 `lhs` otherwise.
821 */
libcrux_ml_kem_constant_time_ops_select_ct(Eurydice_slice lhs,Eurydice_slice rhs,uint8_t selector,uint8_t ret[32U])822 static inline void libcrux_ml_kem_constant_time_ops_select_ct(
823 Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
824 uint8_t ret[32U]) {
825 uint8_t mask = core_num__u8_6__wrapping_sub(
826 libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U);
827 uint8_t out[32U] = {0U};
828 for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE;
829 i++) {
830 size_t i0 = i;
831 out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) &
832 (uint32_t)mask) |
833 ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) &
834 (uint32_t)~mask);
835 }
836 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
837 }
838
839 static KRML_NOINLINE void
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(Eurydice_slice lhs,Eurydice_slice rhs,uint8_t selector,uint8_t ret[32U])840 libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
841 Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
842 uint8_t ret[32U]) {
843 libcrux_ml_kem_constant_time_ops_select_ct(lhs, rhs, selector, ret);
844 }
845
846 static inline void
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(Eurydice_slice lhs_c,Eurydice_slice rhs_c,Eurydice_slice lhs_s,Eurydice_slice rhs_s,uint8_t ret[32U])847 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
848 Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s,
849 Eurydice_slice rhs_s, uint8_t ret[32U]) {
850 uint8_t selector =
851 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
852 lhs_c, rhs_c);
853 uint8_t ret0[32U];
854 libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
855 lhs_s, rhs_s, selector, ret0);
856 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
857 }
858
859 #if defined(__cplusplus)
860 }
861 #endif
862
863 #define __libcrux_ct_ops_H_DEFINED
864 #endif
865
866 /* from libcrux/libcrux-ml-kem/cg/libcrux_sha3_portable.h */
867 /*
868 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
869 *
870 * SPDX-License-Identifier: MIT or Apache-2.0
871 *
872 * This code was generated with the following revisions:
873 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
874 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
875 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
876 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
877 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
878 */
879
880 #ifndef __libcrux_sha3_portable_H
881 #define __libcrux_sha3_portable_H
882
883 #if defined(__cplusplus)
884 extern "C" {
885 #endif
886
887
888 static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = {
889 1ULL,
890 32898ULL,
891 9223372036854808714ULL,
892 9223372039002292224ULL,
893 32907ULL,
894 2147483649ULL,
895 9223372039002292353ULL,
896 9223372036854808585ULL,
897 138ULL,
898 136ULL,
899 2147516425ULL,
900 2147483658ULL,
901 2147516555ULL,
902 9223372036854775947ULL,
903 9223372036854808713ULL,
904 9223372036854808579ULL,
905 9223372036854808578ULL,
906 9223372036854775936ULL,
907 32778ULL,
908 9223372039002259466ULL,
909 9223372039002292353ULL,
910 9223372036854808704ULL,
911 2147483649ULL,
912 9223372039002292232ULL};
913
914 /**
915 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
916 usize> for u64)}
917 */
libcrux_sha3_portable_keccak_zero_5a(void)918 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_zero_5a(void) {
919 return 0ULL;
920 }
921
libcrux_sha3_portable_keccak__veor5q_u64(uint64_t a,uint64_t b,uint64_t c,uint64_t d,uint64_t e)922 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__veor5q_u64(
923 uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
924 uint64_t ab = a ^ b;
925 uint64_t cd = c ^ d;
926 uint64_t abcd = ab ^ cd;
927 return abcd ^ e;
928 }
929
930 /**
931 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
932 usize> for u64)}
933 */
libcrux_sha3_portable_keccak_xor5_5a(uint64_t a,uint64_t b,uint64_t c,uint64_t d,uint64_t e)934 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_xor5_5a(
935 uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
936 return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e);
937 }
938
939 /**
940 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
941 with const generics
942 - LEFT= 1
943 - RIGHT= 63
944 */
945 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x)946 libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) {
947 return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63;
948 }
949
950 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a,uint64_t b)951 libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) {
952 uint64_t uu____0 = a;
953 return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b);
954 }
955
956 /**
957 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
958 usize> for u64)}
959 */
960 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(uint64_t a,uint64_t b)961 libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(uint64_t a, uint64_t b) {
962 return libcrux_sha3_portable_keccak__vrax1q_u64(a, b);
963 }
964
965 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a,uint64_t b,uint64_t c)966 libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) {
967 return a ^ (b & ~c);
968 }
969
970 /**
971 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
972 usize> for u64)}
973 */
libcrux_sha3_portable_keccak_and_not_xor_5a(uint64_t a,uint64_t b,uint64_t c)974 static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak_and_not_xor_5a(
975 uint64_t a, uint64_t b, uint64_t c) {
976 return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c);
977 }
978
979 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a,uint64_t c)980 libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, uint64_t c) {
981 return a ^ c;
982 }
983
984 /**
985 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
986 usize> for u64)}
987 */
988 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_constant_5a(uint64_t a,uint64_t c)989 libcrux_sha3_portable_keccak_xor_constant_5a(uint64_t a, uint64_t c) {
990 return libcrux_sha3_portable_keccak__veorq_n_u64(a, c);
991 }
992
993 /**
994 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
995 usize> for u64)}
996 */
997 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_5a(uint64_t a,uint64_t b)998 libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) {
999 return a ^ b;
1000 }
1001
libcrux_sha3_portable_keccak_slice_1(Eurydice_slice a[1U],size_t start,size_t len,Eurydice_slice ret[1U])1002 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1(
1003 Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {
1004 ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t);
1005 }
1006
1007 /**
1008 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1009 usize> for u64)}
1010 */
libcrux_sha3_portable_keccak_slice_n_5a(Eurydice_slice a[1U],size_t start,size_t len,Eurydice_slice ret[1U])1011 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a(
1012 Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) {
1013 /* Passing arrays by value in Rust generates a copy in C */
1014 Eurydice_slice copy_of_a[1U];
1015 memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice));
1016 Eurydice_slice ret0[1U];
1017 libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0);
1018 memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice));
1019 }
1020
1021 static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2
libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U],size_t mid)1022 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U],
1023 size_t mid) {
1024 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut(
1025 out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2);
1026 Eurydice_slice out00 = uu____0.fst;
1027 Eurydice_slice out01 = uu____0.snd;
1028 Eurydice_slice_uint8_t_1size_t__x2 lit;
1029 lit.fst[0U] = out00;
1030 lit.snd[0U] = out01;
1031 return lit;
1032 }
1033
1034 /**
1035 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1036 usize> for u64)}
1037 */
1038 static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2
libcrux_sha3_portable_keccak_split_at_mut_n_5a(Eurydice_slice a[1U],size_t mid)1039 libcrux_sha3_portable_keccak_split_at_mut_n_5a(Eurydice_slice a[1U],
1040 size_t mid) {
1041 return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid);
1042 }
1043
1044 /**
1045 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
1046 with types uint64_t
1047 with const generics
1048 - $1size_t
1049 */
1050 typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s {
1051 uint64_t st[5U][5U];
1052 } libcrux_sha3_generic_keccak_KeccakState_48;
1053
1054 /**
1055 Create a new Shake128 x4 state.
1056 */
1057 /**
1058 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
1059 N>[TraitClause@0]#1}
1060 */
1061 /**
1062 A monomorphic instance of libcrux_sha3.generic_keccak.new_1e
1063 with types uint64_t
1064 with const generics
1065 - N= 1
1066 */
1067 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_generic_keccak_new_1e_f4(void)1068 libcrux_sha3_generic_keccak_new_1e_f4(void) {
1069 libcrux_sha3_generic_keccak_KeccakState_48 lit;
1070 lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1071 lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1072 lit.st[0U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1073 lit.st[0U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1074 lit.st[0U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1075 lit.st[1U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1076 lit.st[1U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1077 lit.st[1U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1078 lit.st[1U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1079 lit.st[1U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1080 lit.st[2U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1081 lit.st[2U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1082 lit.st[2U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1083 lit.st[2U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1084 lit.st[2U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1085 lit.st[3U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1086 lit.st[3U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1087 lit.st[3U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1088 lit.st[3U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1089 lit.st[3U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1090 lit.st[4U][0U] = libcrux_sha3_portable_keccak_zero_5a();
1091 lit.st[4U][1U] = libcrux_sha3_portable_keccak_zero_5a();
1092 lit.st[4U][2U] = libcrux_sha3_portable_keccak_zero_5a();
1093 lit.st[4U][3U] = libcrux_sha3_portable_keccak_zero_5a();
1094 lit.st[4U][4U] = libcrux_sha3_portable_keccak_zero_5a();
1095 return lit;
1096 }
1097
1098 /**
1099 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
1100 with const generics
1101 - RATE= 72
1102 */
libcrux_sha3_portable_keccak_load_block_2c(uint64_t (* s)[5U],Eurydice_slice blocks[1U])1103 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c(
1104 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
1105 for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
1106 size_t i0 = i;
1107 uint8_t uu____0[8U];
1108 Result_56 dst;
1109 Eurydice_slice_to_array2(
1110 &dst,
1111 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
1112 (size_t)8U * i0 + (size_t)8U, uint8_t),
1113 Eurydice_slice, uint8_t[8U]);
1114 unwrap_41_ac(dst, uu____0);
1115 size_t uu____1 = i0 / (size_t)5U;
1116 size_t uu____2 = i0 % (size_t)5U;
1117 s[uu____1][uu____2] =
1118 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
1119 }
1120 }
1121
1122 /**
1123 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1124 usize> for u64)}
1125 */
1126 /**
1127 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
1128 with const generics
1129 - RATE= 72
1130 */
libcrux_sha3_portable_keccak_load_block_5a_b8(uint64_t (* a)[5U],Eurydice_slice b[1U])1131 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8(
1132 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
1133 uint64_t(*uu____0)[5U] = a;
1134 /* Passing arrays by value in Rust generates a copy in C */
1135 Eurydice_slice copy_of_b[1U];
1136 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
1137 libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b);
1138 }
1139
1140 /**
1141 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1142 with const generics
1143 - LEFT= 36
1144 - RIGHT= 28
1145 */
1146 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x)1147 libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) {
1148 return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28;
1149 }
1150
1151 /**
1152 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1153 with const generics
1154 - LEFT= 36
1155 - RIGHT= 28
1156 */
1157 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a,uint64_t b)1158 libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) {
1159 uint64_t ab = a ^ b;
1160 return libcrux_sha3_portable_keccak_rotate_left_cb0(ab);
1161 }
1162
1163 /**
1164 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1165 usize> for u64)}
1166 */
1167 /**
1168 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1169 with const generics
1170 - LEFT= 36
1171 - RIGHT= 28
1172 */
1173 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a,uint64_t b)1174 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) {
1175 return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b);
1176 }
1177
1178 /**
1179 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1180 with const generics
1181 - LEFT= 3
1182 - RIGHT= 61
1183 */
1184 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x)1185 libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) {
1186 return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61;
1187 }
1188
1189 /**
1190 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1191 with const generics
1192 - LEFT= 3
1193 - RIGHT= 61
1194 */
1195 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a,uint64_t b)1196 libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) {
1197 uint64_t ab = a ^ b;
1198 return libcrux_sha3_portable_keccak_rotate_left_cb1(ab);
1199 }
1200
1201 /**
1202 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1203 usize> for u64)}
1204 */
1205 /**
1206 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1207 with const generics
1208 - LEFT= 3
1209 - RIGHT= 61
1210 */
1211 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a,uint64_t b)1212 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) {
1213 return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b);
1214 }
1215
1216 /**
1217 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1218 with const generics
1219 - LEFT= 41
1220 - RIGHT= 23
1221 */
1222 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x)1223 libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) {
1224 return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23;
1225 }
1226
1227 /**
1228 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1229 with const generics
1230 - LEFT= 41
1231 - RIGHT= 23
1232 */
1233 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a,uint64_t b)1234 libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) {
1235 uint64_t ab = a ^ b;
1236 return libcrux_sha3_portable_keccak_rotate_left_cb2(ab);
1237 }
1238
1239 /**
1240 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1241 usize> for u64)}
1242 */
1243 /**
1244 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1245 with const generics
1246 - LEFT= 41
1247 - RIGHT= 23
1248 */
1249 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a,uint64_t b)1250 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) {
1251 return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b);
1252 }
1253
1254 /**
1255 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1256 with const generics
1257 - LEFT= 18
1258 - RIGHT= 46
1259 */
1260 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x)1261 libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) {
1262 return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46;
1263 }
1264
1265 /**
1266 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1267 with const generics
1268 - LEFT= 18
1269 - RIGHT= 46
1270 */
1271 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a,uint64_t b)1272 libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) {
1273 uint64_t ab = a ^ b;
1274 return libcrux_sha3_portable_keccak_rotate_left_cb3(ab);
1275 }
1276
1277 /**
1278 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1279 usize> for u64)}
1280 */
1281 /**
1282 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1283 with const generics
1284 - LEFT= 18
1285 - RIGHT= 46
1286 */
1287 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a,uint64_t b)1288 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) {
1289 return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b);
1290 }
1291
1292 /**
1293 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1294 with const generics
1295 - LEFT= 1
1296 - RIGHT= 63
1297 */
1298 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a,uint64_t b)1299 libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) {
1300 uint64_t ab = a ^ b;
1301 return libcrux_sha3_portable_keccak_rotate_left_cb(ab);
1302 }
1303
1304 /**
1305 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1306 usize> for u64)}
1307 */
1308 /**
1309 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1310 with const generics
1311 - LEFT= 1
1312 - RIGHT= 63
1313 */
1314 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a,uint64_t b)1315 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) {
1316 return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b);
1317 }
1318
1319 /**
1320 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1321 with const generics
1322 - LEFT= 44
1323 - RIGHT= 20
1324 */
1325 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x)1326 libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) {
1327 return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20;
1328 }
1329
1330 /**
1331 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1332 with const generics
1333 - LEFT= 44
1334 - RIGHT= 20
1335 */
1336 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a,uint64_t b)1337 libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) {
1338 uint64_t ab = a ^ b;
1339 return libcrux_sha3_portable_keccak_rotate_left_cb4(ab);
1340 }
1341
1342 /**
1343 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1344 usize> for u64)}
1345 */
1346 /**
1347 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1348 with const generics
1349 - LEFT= 44
1350 - RIGHT= 20
1351 */
1352 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a,uint64_t b)1353 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) {
1354 return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b);
1355 }
1356
1357 /**
1358 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1359 with const generics
1360 - LEFT= 10
1361 - RIGHT= 54
1362 */
1363 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x)1364 libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) {
1365 return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54;
1366 }
1367
1368 /**
1369 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1370 with const generics
1371 - LEFT= 10
1372 - RIGHT= 54
1373 */
1374 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a,uint64_t b)1375 libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) {
1376 uint64_t ab = a ^ b;
1377 return libcrux_sha3_portable_keccak_rotate_left_cb5(ab);
1378 }
1379
1380 /**
1381 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1382 usize> for u64)}
1383 */
1384 /**
1385 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1386 with const generics
1387 - LEFT= 10
1388 - RIGHT= 54
1389 */
1390 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a,uint64_t b)1391 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) {
1392 return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b);
1393 }
1394
1395 /**
1396 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1397 with const generics
1398 - LEFT= 45
1399 - RIGHT= 19
1400 */
1401 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x)1402 libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) {
1403 return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19;
1404 }
1405
1406 /**
1407 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1408 with const generics
1409 - LEFT= 45
1410 - RIGHT= 19
1411 */
1412 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a,uint64_t b)1413 libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) {
1414 uint64_t ab = a ^ b;
1415 return libcrux_sha3_portable_keccak_rotate_left_cb6(ab);
1416 }
1417
1418 /**
1419 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1420 usize> for u64)}
1421 */
1422 /**
1423 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1424 with const generics
1425 - LEFT= 45
1426 - RIGHT= 19
1427 */
1428 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a,uint64_t b)1429 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) {
1430 return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b);
1431 }
1432
1433 /**
1434 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1435 with const generics
1436 - LEFT= 2
1437 - RIGHT= 62
1438 */
1439 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x)1440 libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) {
1441 return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62;
1442 }
1443
1444 /**
1445 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1446 with const generics
1447 - LEFT= 2
1448 - RIGHT= 62
1449 */
1450 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a,uint64_t b)1451 libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) {
1452 uint64_t ab = a ^ b;
1453 return libcrux_sha3_portable_keccak_rotate_left_cb7(ab);
1454 }
1455
1456 /**
1457 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1458 usize> for u64)}
1459 */
1460 /**
1461 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1462 with const generics
1463 - LEFT= 2
1464 - RIGHT= 62
1465 */
1466 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a,uint64_t b)1467 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) {
1468 return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b);
1469 }
1470
1471 /**
1472 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1473 with const generics
1474 - LEFT= 62
1475 - RIGHT= 2
1476 */
1477 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x)1478 libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) {
1479 return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2;
1480 }
1481
1482 /**
1483 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1484 with const generics
1485 - LEFT= 62
1486 - RIGHT= 2
1487 */
1488 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a,uint64_t b)1489 libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) {
1490 uint64_t ab = a ^ b;
1491 return libcrux_sha3_portable_keccak_rotate_left_cb8(ab);
1492 }
1493
1494 /**
1495 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1496 usize> for u64)}
1497 */
1498 /**
1499 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1500 with const generics
1501 - LEFT= 62
1502 - RIGHT= 2
1503 */
1504 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a,uint64_t b)1505 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) {
1506 return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b);
1507 }
1508
1509 /**
1510 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1511 with const generics
1512 - LEFT= 6
1513 - RIGHT= 58
1514 */
1515 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x)1516 libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) {
1517 return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58;
1518 }
1519
1520 /**
1521 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1522 with const generics
1523 - LEFT= 6
1524 - RIGHT= 58
1525 */
1526 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a,uint64_t b)1527 libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) {
1528 uint64_t ab = a ^ b;
1529 return libcrux_sha3_portable_keccak_rotate_left_cb9(ab);
1530 }
1531
1532 /**
1533 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1534 usize> for u64)}
1535 */
1536 /**
1537 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1538 with const generics
1539 - LEFT= 6
1540 - RIGHT= 58
1541 */
1542 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a,uint64_t b)1543 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) {
1544 return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b);
1545 }
1546
1547 /**
1548 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1549 with const generics
1550 - LEFT= 43
1551 - RIGHT= 21
1552 */
1553 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x)1554 libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) {
1555 return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21;
1556 }
1557
1558 /**
1559 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1560 with const generics
1561 - LEFT= 43
1562 - RIGHT= 21
1563 */
1564 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a,uint64_t b)1565 libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) {
1566 uint64_t ab = a ^ b;
1567 return libcrux_sha3_portable_keccak_rotate_left_cb10(ab);
1568 }
1569
1570 /**
1571 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1572 usize> for u64)}
1573 */
1574 /**
1575 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1576 with const generics
1577 - LEFT= 43
1578 - RIGHT= 21
1579 */
1580 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a,uint64_t b)1581 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) {
1582 return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b);
1583 }
1584
1585 /**
1586 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1587 with const generics
1588 - LEFT= 15
1589 - RIGHT= 49
1590 */
1591 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x)1592 libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) {
1593 return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49;
1594 }
1595
1596 /**
1597 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1598 with const generics
1599 - LEFT= 15
1600 - RIGHT= 49
1601 */
1602 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a,uint64_t b)1603 libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) {
1604 uint64_t ab = a ^ b;
1605 return libcrux_sha3_portable_keccak_rotate_left_cb11(ab);
1606 }
1607
1608 /**
1609 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1610 usize> for u64)}
1611 */
1612 /**
1613 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1614 with const generics
1615 - LEFT= 15
1616 - RIGHT= 49
1617 */
1618 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a,uint64_t b)1619 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) {
1620 return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b);
1621 }
1622
1623 /**
1624 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1625 with const generics
1626 - LEFT= 61
1627 - RIGHT= 3
1628 */
1629 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x)1630 libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) {
1631 return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3;
1632 }
1633
1634 /**
1635 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1636 with const generics
1637 - LEFT= 61
1638 - RIGHT= 3
1639 */
1640 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a,uint64_t b)1641 libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) {
1642 uint64_t ab = a ^ b;
1643 return libcrux_sha3_portable_keccak_rotate_left_cb12(ab);
1644 }
1645
1646 /**
1647 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1648 usize> for u64)}
1649 */
1650 /**
1651 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1652 with const generics
1653 - LEFT= 61
1654 - RIGHT= 3
1655 */
1656 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a,uint64_t b)1657 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) {
1658 return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b);
1659 }
1660
1661 /**
1662 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1663 with const generics
1664 - LEFT= 28
1665 - RIGHT= 36
1666 */
1667 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x)1668 libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) {
1669 return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36;
1670 }
1671
1672 /**
1673 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1674 with const generics
1675 - LEFT= 28
1676 - RIGHT= 36
1677 */
1678 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a,uint64_t b)1679 libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) {
1680 uint64_t ab = a ^ b;
1681 return libcrux_sha3_portable_keccak_rotate_left_cb13(ab);
1682 }
1683
1684 /**
1685 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1686 usize> for u64)}
1687 */
1688 /**
1689 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1690 with const generics
1691 - LEFT= 28
1692 - RIGHT= 36
1693 */
1694 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a,uint64_t b)1695 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) {
1696 return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b);
1697 }
1698
1699 /**
1700 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1701 with const generics
1702 - LEFT= 55
1703 - RIGHT= 9
1704 */
1705 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x)1706 libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) {
1707 return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9;
1708 }
1709
1710 /**
1711 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1712 with const generics
1713 - LEFT= 55
1714 - RIGHT= 9
1715 */
1716 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a,uint64_t b)1717 libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) {
1718 uint64_t ab = a ^ b;
1719 return libcrux_sha3_portable_keccak_rotate_left_cb14(ab);
1720 }
1721
1722 /**
1723 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1724 usize> for u64)}
1725 */
1726 /**
1727 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1728 with const generics
1729 - LEFT= 55
1730 - RIGHT= 9
1731 */
1732 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a,uint64_t b)1733 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) {
1734 return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b);
1735 }
1736
1737 /**
1738 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1739 with const generics
1740 - LEFT= 25
1741 - RIGHT= 39
1742 */
1743 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x)1744 libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) {
1745 return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39;
1746 }
1747
1748 /**
1749 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1750 with const generics
1751 - LEFT= 25
1752 - RIGHT= 39
1753 */
1754 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a,uint64_t b)1755 libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) {
1756 uint64_t ab = a ^ b;
1757 return libcrux_sha3_portable_keccak_rotate_left_cb15(ab);
1758 }
1759
1760 /**
1761 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1762 usize> for u64)}
1763 */
1764 /**
1765 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1766 with const generics
1767 - LEFT= 25
1768 - RIGHT= 39
1769 */
1770 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a,uint64_t b)1771 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) {
1772 return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b);
1773 }
1774
1775 /**
1776 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1777 with const generics
1778 - LEFT= 21
1779 - RIGHT= 43
1780 */
1781 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x)1782 libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) {
1783 return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43;
1784 }
1785
1786 /**
1787 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1788 with const generics
1789 - LEFT= 21
1790 - RIGHT= 43
1791 */
1792 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a,uint64_t b)1793 libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) {
1794 uint64_t ab = a ^ b;
1795 return libcrux_sha3_portable_keccak_rotate_left_cb16(ab);
1796 }
1797
1798 /**
1799 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1800 usize> for u64)}
1801 */
1802 /**
1803 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1804 with const generics
1805 - LEFT= 21
1806 - RIGHT= 43
1807 */
1808 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a,uint64_t b)1809 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) {
1810 return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b);
1811 }
1812
1813 /**
1814 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1815 with const generics
1816 - LEFT= 56
1817 - RIGHT= 8
1818 */
1819 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x)1820 libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) {
1821 return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8;
1822 }
1823
1824 /**
1825 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1826 with const generics
1827 - LEFT= 56
1828 - RIGHT= 8
1829 */
1830 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a,uint64_t b)1831 libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) {
1832 uint64_t ab = a ^ b;
1833 return libcrux_sha3_portable_keccak_rotate_left_cb17(ab);
1834 }
1835
1836 /**
1837 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1838 usize> for u64)}
1839 */
1840 /**
1841 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1842 with const generics
1843 - LEFT= 56
1844 - RIGHT= 8
1845 */
1846 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a,uint64_t b)1847 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) {
1848 return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b);
1849 }
1850
1851 /**
1852 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1853 with const generics
1854 - LEFT= 27
1855 - RIGHT= 37
1856 */
1857 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x)1858 libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) {
1859 return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37;
1860 }
1861
1862 /**
1863 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1864 with const generics
1865 - LEFT= 27
1866 - RIGHT= 37
1867 */
1868 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a,uint64_t b)1869 libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) {
1870 uint64_t ab = a ^ b;
1871 return libcrux_sha3_portable_keccak_rotate_left_cb18(ab);
1872 }
1873
1874 /**
1875 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1876 usize> for u64)}
1877 */
1878 /**
1879 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1880 with const generics
1881 - LEFT= 27
1882 - RIGHT= 37
1883 */
1884 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a,uint64_t b)1885 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) {
1886 return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b);
1887 }
1888
1889 /**
1890 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1891 with const generics
1892 - LEFT= 20
1893 - RIGHT= 44
1894 */
1895 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x)1896 libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) {
1897 return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44;
1898 }
1899
1900 /**
1901 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1902 with const generics
1903 - LEFT= 20
1904 - RIGHT= 44
1905 */
1906 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a,uint64_t b)1907 libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) {
1908 uint64_t ab = a ^ b;
1909 return libcrux_sha3_portable_keccak_rotate_left_cb19(ab);
1910 }
1911
1912 /**
1913 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1914 usize> for u64)}
1915 */
1916 /**
1917 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1918 with const generics
1919 - LEFT= 20
1920 - RIGHT= 44
1921 */
1922 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a,uint64_t b)1923 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) {
1924 return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b);
1925 }
1926
1927 /**
1928 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1929 with const generics
1930 - LEFT= 39
1931 - RIGHT= 25
1932 */
1933 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x)1934 libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) {
1935 return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25;
1936 }
1937
1938 /**
1939 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1940 with const generics
1941 - LEFT= 39
1942 - RIGHT= 25
1943 */
1944 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a,uint64_t b)1945 libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) {
1946 uint64_t ab = a ^ b;
1947 return libcrux_sha3_portable_keccak_rotate_left_cb20(ab);
1948 }
1949
1950 /**
1951 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1952 usize> for u64)}
1953 */
1954 /**
1955 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1956 with const generics
1957 - LEFT= 39
1958 - RIGHT= 25
1959 */
1960 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a,uint64_t b)1961 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) {
1962 return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b);
1963 }
1964
1965 /**
1966 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
1967 with const generics
1968 - LEFT= 8
1969 - RIGHT= 56
1970 */
1971 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x)1972 libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) {
1973 return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56;
1974 }
1975
1976 /**
1977 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
1978 with const generics
1979 - LEFT= 8
1980 - RIGHT= 56
1981 */
1982 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a,uint64_t b)1983 libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) {
1984 uint64_t ab = a ^ b;
1985 return libcrux_sha3_portable_keccak_rotate_left_cb21(ab);
1986 }
1987
1988 /**
1989 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
1990 usize> for u64)}
1991 */
1992 /**
1993 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
1994 with const generics
1995 - LEFT= 8
1996 - RIGHT= 56
1997 */
1998 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a,uint64_t b)1999 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) {
2000 return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b);
2001 }
2002
2003 /**
2004 A monomorphic instance of libcrux_sha3.portable_keccak.rotate_left
2005 with const generics
2006 - LEFT= 14
2007 - RIGHT= 50
2008 */
2009 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x)2010 libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) {
2011 return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50;
2012 }
2013
2014 /**
2015 A monomorphic instance of libcrux_sha3.portable_keccak._vxarq_u64
2016 with const generics
2017 - LEFT= 14
2018 - RIGHT= 50
2019 */
2020 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a,uint64_t b)2021 libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) {
2022 uint64_t ab = a ^ b;
2023 return libcrux_sha3_portable_keccak_rotate_left_cb22(ab);
2024 }
2025
2026 /**
2027 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2028 usize> for u64)}
2029 */
2030 /**
2031 A monomorphic instance of libcrux_sha3.portable_keccak.xor_and_rotate_5a
2032 with const generics
2033 - LEFT= 14
2034 - RIGHT= 50
2035 */
2036 static KRML_MUSTINLINE uint64_t
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a,uint64_t b)2037 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) {
2038 return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b);
2039 }
2040
2041 /**
2042 A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho
2043 with types uint64_t
2044 with const generics
2045 - N= 1
2046 */
libcrux_sha3_generic_keccak_theta_rho_16(libcrux_sha3_generic_keccak_KeccakState_48 * s)2047 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16(
2048 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2049 uint64_t c[5U] = {
2050 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U],
2051 s->st[2U][0U], s->st[3U][0U],
2052 s->st[4U][0U]),
2053 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][1U], s->st[1U][1U],
2054 s->st[2U][1U], s->st[3U][1U],
2055 s->st[4U][1U]),
2056 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][2U], s->st[1U][2U],
2057 s->st[2U][2U], s->st[3U][2U],
2058 s->st[4U][2U]),
2059 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][3U], s->st[1U][3U],
2060 s->st[2U][3U], s->st[3U][3U],
2061 s->st[4U][3U]),
2062 libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][4U], s->st[1U][4U],
2063 s->st[2U][4U], s->st[3U][4U],
2064 s->st[4U][4U])};
2065 uint64_t uu____0 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2066 c[((size_t)0U + (size_t)4U) % (size_t)5U],
2067 c[((size_t)0U + (size_t)1U) % (size_t)5U]);
2068 uint64_t uu____1 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2069 c[((size_t)1U + (size_t)4U) % (size_t)5U],
2070 c[((size_t)1U + (size_t)1U) % (size_t)5U]);
2071 uint64_t uu____2 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2072 c[((size_t)2U + (size_t)4U) % (size_t)5U],
2073 c[((size_t)2U + (size_t)1U) % (size_t)5U]);
2074 uint64_t uu____3 = libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2075 c[((size_t)3U + (size_t)4U) % (size_t)5U],
2076 c[((size_t)3U + (size_t)1U) % (size_t)5U]);
2077 uint64_t t[5U] = {uu____0, uu____1, uu____2, uu____3,
2078 libcrux_sha3_portable_keccak_rotate_left1_and_xor_5a(
2079 c[((size_t)4U + (size_t)4U) % (size_t)5U],
2080 c[((size_t)4U + (size_t)1U) % (size_t)5U])};
2081 s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]);
2082 s->st[1U][0U] =
2083 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]);
2084 s->st[2U][0U] =
2085 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]);
2086 s->st[3U][0U] =
2087 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]);
2088 s->st[4U][0U] =
2089 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]);
2090 s->st[0U][1U] =
2091 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]);
2092 s->st[1U][1U] =
2093 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]);
2094 s->st[2U][1U] =
2095 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]);
2096 s->st[3U][1U] =
2097 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]);
2098 s->st[4U][1U] =
2099 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]);
2100 s->st[0U][2U] =
2101 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]);
2102 s->st[1U][2U] =
2103 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]);
2104 s->st[2U][2U] =
2105 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]);
2106 s->st[3U][2U] =
2107 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]);
2108 s->st[4U][2U] =
2109 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]);
2110 s->st[0U][3U] =
2111 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]);
2112 s->st[1U][3U] =
2113 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]);
2114 s->st[2U][3U] =
2115 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]);
2116 s->st[3U][3U] =
2117 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]);
2118 s->st[4U][3U] =
2119 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]);
2120 s->st[0U][4U] =
2121 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]);
2122 s->st[1U][4U] =
2123 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]);
2124 s->st[2U][4U] =
2125 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]);
2126 s->st[3U][4U] =
2127 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]);
2128 uint64_t uu____27 =
2129 libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]);
2130 s->st[4U][4U] = uu____27;
2131 }
2132
2133 /**
2134 A monomorphic instance of libcrux_sha3.generic_keccak.pi
2135 with types uint64_t
2136 with const generics
2137 - N= 1
2138 */
libcrux_sha3_generic_keccak_pi_1d(libcrux_sha3_generic_keccak_KeccakState_48 * s)2139 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d(
2140 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2141 uint64_t old[5U][5U];
2142 memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
2143 s->st[0U][1U] = old[1U][1U];
2144 s->st[0U][2U] = old[2U][2U];
2145 s->st[0U][3U] = old[3U][3U];
2146 s->st[0U][4U] = old[4U][4U];
2147 s->st[1U][0U] = old[0U][3U];
2148 s->st[1U][1U] = old[1U][4U];
2149 s->st[1U][2U] = old[2U][0U];
2150 s->st[1U][3U] = old[3U][1U];
2151 s->st[1U][4U] = old[4U][2U];
2152 s->st[2U][0U] = old[0U][1U];
2153 s->st[2U][1U] = old[1U][2U];
2154 s->st[2U][2U] = old[2U][3U];
2155 s->st[2U][3U] = old[3U][4U];
2156 s->st[2U][4U] = old[4U][0U];
2157 s->st[3U][0U] = old[0U][4U];
2158 s->st[3U][1U] = old[1U][0U];
2159 s->st[3U][2U] = old[2U][1U];
2160 s->st[3U][3U] = old[3U][2U];
2161 s->st[3U][4U] = old[4U][3U];
2162 s->st[4U][0U] = old[0U][2U];
2163 s->st[4U][1U] = old[1U][3U];
2164 s->st[4U][2U] = old[2U][4U];
2165 s->st[4U][3U] = old[3U][0U];
2166 s->st[4U][4U] = old[4U][1U];
2167 }
2168
2169 /**
2170 A monomorphic instance of libcrux_sha3.generic_keccak.chi
2171 with types uint64_t
2172 with const generics
2173 - N= 1
2174 */
libcrux_sha3_generic_keccak_chi_12(libcrux_sha3_generic_keccak_KeccakState_48 * s)2175 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12(
2176 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2177 uint64_t old[5U][5U];
2178 memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U]));
2179 for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) {
2180 size_t i1 = i0;
2181 for (size_t i = (size_t)0U; i < (size_t)5U; i++) {
2182 size_t j = i;
2183 s->st[i1][j] = libcrux_sha3_portable_keccak_and_not_xor_5a(
2184 s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U],
2185 old[i1][(j + (size_t)1U) % (size_t)5U]);
2186 }
2187 }
2188 }
2189
2190 /**
2191 A monomorphic instance of libcrux_sha3.generic_keccak.iota
2192 with types uint64_t
2193 with const generics
2194 - N= 1
2195 */
libcrux_sha3_generic_keccak_iota_62(libcrux_sha3_generic_keccak_KeccakState_48 * s,size_t i)2196 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62(
2197 libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) {
2198 s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a(
2199 s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]);
2200 }
2201
2202 /**
2203 A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600
2204 with types uint64_t
2205 with const generics
2206 - N= 1
2207 */
libcrux_sha3_generic_keccak_keccakf1600_21(libcrux_sha3_generic_keccak_KeccakState_48 * s)2208 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21(
2209 libcrux_sha3_generic_keccak_KeccakState_48 *s) {
2210 for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
2211 size_t i0 = i;
2212 libcrux_sha3_generic_keccak_theta_rho_16(s);
2213 libcrux_sha3_generic_keccak_pi_1d(s);
2214 libcrux_sha3_generic_keccak_chi_12(s);
2215 libcrux_sha3_generic_keccak_iota_62(s, i0);
2216 }
2217 }
2218
2219 /**
2220 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
2221 with types uint64_t
2222 with const generics
2223 - N= 1
2224 - RATE= 72
2225 */
libcrux_sha3_generic_keccak_absorb_block_df(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])2226 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df(
2227 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
2228 uint64_t(*uu____0)[5U] = s->st;
2229 Eurydice_slice uu____1[1U];
2230 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
2231 libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1);
2232 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2233 }
2234
2235 /**
2236 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
2237 with const generics
2238 - RATE= 72
2239 */
libcrux_sha3_portable_keccak_load_block_full_df(uint64_t (* s)[5U],uint8_t blocks[1U][200U])2240 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df(
2241 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
2242 Eurydice_slice buf[1U] = {
2243 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
2244 libcrux_sha3_portable_keccak_load_block_2c(s, buf);
2245 }
2246
2247 /**
2248 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2249 usize> for u64)}
2250 */
2251 /**
2252 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
2253 with const generics
2254 - RATE= 72
2255 */
libcrux_sha3_portable_keccak_load_block_full_5a_d2(uint64_t (* a)[5U],uint8_t b[1U][200U])2256 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2(
2257 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
2258 uint64_t(*uu____0)[5U] = a;
2259 /* Passing arrays by value in Rust generates a copy in C */
2260 uint8_t copy_of_b[1U][200U];
2261 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
2262 libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b);
2263 }
2264
2265 /**
2266 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
2267 with types uint64_t
2268 with const generics
2269 - N= 1
2270 - RATE= 72
2271 - DELIM= 6
2272 */
libcrux_sha3_generic_keccak_absorb_final_c7(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])2273 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7(
2274 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
2275 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
2276 uint8_t blocks[1U][200U] = {{0U}};
2277 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2278 size_t i0 = i;
2279 if (last_len > (size_t)0U) {
2280 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
2281 blocks[i0], (size_t)0U, last_len, uint8_t);
2282 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
2283 }
2284 blocks[i0][last_len] = 6U;
2285 size_t uu____1 = i0;
2286 size_t uu____2 = (size_t)72U - (size_t)1U;
2287 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
2288 }
2289 uint64_t(*uu____3)[5U] = s->st;
2290 uint8_t uu____4[1U][200U];
2291 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
2292 libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4);
2293 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2294 }
2295
2296 /**
2297 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
2298 with const generics
2299 - RATE= 72
2300 */
libcrux_sha3_portable_keccak_store_block_58(uint64_t (* s)[5U],Eurydice_slice out[1U])2301 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58(
2302 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
2303 for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) {
2304 size_t i0 = i;
2305 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
2306 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
2307 uint8_t ret[8U];
2308 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
2309 Eurydice_slice_copy(
2310 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
2311 }
2312 }
2313
2314 /**
2315 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
2316 with const generics
2317 - RATE= 72
2318 */
libcrux_sha3_portable_keccak_store_block_full_2d(uint64_t (* s)[5U],uint8_t ret[1U][200U])2319 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d(
2320 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
2321 uint8_t out[200U] = {0U};
2322 Eurydice_slice buf[1U] = {
2323 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
2324 libcrux_sha3_portable_keccak_store_block_58(s, buf);
2325 /* Passing arrays by value in Rust generates a copy in C */
2326 uint8_t copy_of_out[200U];
2327 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
2328 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
2329 }
2330
2331 /**
2332 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2333 usize> for u64)}
2334 */
2335 /**
2336 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
2337 with const generics
2338 - RATE= 72
2339 */
libcrux_sha3_portable_keccak_store_block_full_5a_29(uint64_t (* a)[5U],uint8_t ret[1U][200U])2340 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29(
2341 uint64_t (*a)[5U], uint8_t ret[1U][200U]) {
2342 libcrux_sha3_portable_keccak_store_block_full_2d(a, ret);
2343 }
2344
2345 /**
2346 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
2347 with types uint64_t
2348 with const generics
2349 - N= 1
2350 - RATE= 72
2351 */
2352 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2353 libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(
2354 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2355 uint8_t b[1U][200U];
2356 libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b);
2357 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2358 size_t i0 = i;
2359 Eurydice_slice uu____0 = out[i0];
2360 uint8_t *uu____1 = b[i0];
2361 core_ops_range_Range_b3 lit;
2362 lit.start = (size_t)0U;
2363 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2364 Eurydice_slice_copy(
2365 uu____0,
2366 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2367 core_ops_range_Range_b3),
2368 uint8_t);
2369 }
2370 }
2371
2372 /**
2373 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2374 usize> for u64)}
2375 */
2376 /**
2377 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
2378 with const generics
2379 - RATE= 72
2380 */
libcrux_sha3_portable_keccak_store_block_5a_59(uint64_t (* a)[5U],Eurydice_slice b[1U])2381 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59(
2382 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
2383 libcrux_sha3_portable_keccak_store_block_58(a, b);
2384 }
2385
2386 /**
2387 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
2388 with types uint64_t
2389 with const generics
2390 - N= 1
2391 - RATE= 72
2392 */
libcrux_sha3_generic_keccak_squeeze_first_block_84(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2393 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84(
2394 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2395 libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out);
2396 }
2397
2398 /**
2399 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
2400 with types uint64_t
2401 with const generics
2402 - N= 1
2403 - RATE= 72
2404 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2405 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc(
2406 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2407 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2408 libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out);
2409 }
2410
2411 /**
2412 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
2413 with types uint64_t
2414 with const generics
2415 - N= 1
2416 - RATE= 72
2417 */
libcrux_sha3_generic_keccak_squeeze_last_cf(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])2418 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf(
2419 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
2420 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
2421 uint8_t b[1U][200U];
2422 libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b);
2423 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2424 size_t i0 = i;
2425 Eurydice_slice uu____0 = out[i0];
2426 uint8_t *uu____1 = b[i0];
2427 core_ops_range_Range_b3 lit;
2428 lit.start = (size_t)0U;
2429 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2430 Eurydice_slice_copy(
2431 uu____0,
2432 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2433 core_ops_range_Range_b3),
2434 uint8_t);
2435 }
2436 }
2437
2438 /**
2439 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
2440 with types uint64_t
2441 with const generics
2442 - N= 1
2443 - RATE= 72
2444 - DELIM= 6
2445 */
libcrux_sha3_generic_keccak_keccak_e9(Eurydice_slice data[1U],Eurydice_slice out[1U])2446 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9(
2447 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2448 libcrux_sha3_generic_keccak_KeccakState_48 s =
2449 libcrux_sha3_generic_keccak_new_1e_f4();
2450 for (size_t i = (size_t)0U;
2451 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) {
2452 size_t i0 = i;
2453 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
2454 /* Passing arrays by value in Rust generates a copy in C */
2455 Eurydice_slice copy_of_data[1U];
2456 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2457 Eurydice_slice ret[1U];
2458 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U,
2459 (size_t)72U, ret);
2460 libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret);
2461 }
2462 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U;
2463 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
2464 /* Passing arrays by value in Rust generates a copy in C */
2465 Eurydice_slice copy_of_data[1U];
2466 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2467 Eurydice_slice ret[1U];
2468 libcrux_sha3_portable_keccak_slice_n_5a(
2469 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
2470 libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret);
2471 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
2472 size_t blocks = outlen / (size_t)72U;
2473 size_t last = outlen - outlen % (size_t)72U;
2474 if (blocks == (size_t)0U) {
2475 libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(&s, out);
2476 } else {
2477 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
2478 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U);
2479 Eurydice_slice o0[1U];
2480 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
2481 Eurydice_slice o1[1U];
2482 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
2483 libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0);
2484 core_ops_range_Range_b3 iter =
2485 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
2486 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
2487 .end = blocks}),
2488 core_ops_range_Range_b3, core_ops_range_Range_b3);
2489 while (true) {
2490 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
2491 &iter, size_t, Option_b3)
2492 .tag == None) {
2493 break;
2494 } else {
2495 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
2496 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)72U);
2497 Eurydice_slice o[1U];
2498 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
2499 Eurydice_slice orest[1U];
2500 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
2501 libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o);
2502 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
2503 }
2504 }
2505 if (last < outlen) {
2506 libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1);
2507 }
2508 }
2509 }
2510
2511 /**
2512 A monomorphic instance of libcrux_sha3.portable.keccakx1
2513 with const generics
2514 - RATE= 72
2515 - DELIM= 6
2516 */
libcrux_sha3_portable_keccakx1_ce(Eurydice_slice data[1U],Eurydice_slice out[1U])2517 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce(
2518 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2519 /* Passing arrays by value in Rust generates a copy in C */
2520 Eurydice_slice copy_of_data[1U];
2521 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2522 libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out);
2523 }
2524
2525 /**
2526 A portable SHA3 512 implementation.
2527 */
libcrux_sha3_portable_sha512(Eurydice_slice digest,Eurydice_slice data)2528 static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest,
2529 Eurydice_slice data) {
2530 Eurydice_slice buf0[1U] = {data};
2531 Eurydice_slice buf[1U] = {digest};
2532 libcrux_sha3_portable_keccakx1_ce(buf0, buf);
2533 }
2534
2535 /**
2536 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
2537 with const generics
2538 - RATE= 136
2539 */
libcrux_sha3_portable_keccak_load_block_2c0(uint64_t (* s)[5U],Eurydice_slice blocks[1U])2540 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0(
2541 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
2542 for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
2543 size_t i0 = i;
2544 uint8_t uu____0[8U];
2545 Result_56 dst;
2546 Eurydice_slice_to_array2(
2547 &dst,
2548 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
2549 (size_t)8U * i0 + (size_t)8U, uint8_t),
2550 Eurydice_slice, uint8_t[8U]);
2551 unwrap_41_ac(dst, uu____0);
2552 size_t uu____1 = i0 / (size_t)5U;
2553 size_t uu____2 = i0 % (size_t)5U;
2554 s[uu____1][uu____2] =
2555 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
2556 }
2557 }
2558
2559 /**
2560 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2561 usize> for u64)}
2562 */
2563 /**
2564 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
2565 with const generics
2566 - RATE= 136
2567 */
libcrux_sha3_portable_keccak_load_block_5a_b80(uint64_t (* a)[5U],Eurydice_slice b[1U])2568 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80(
2569 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
2570 uint64_t(*uu____0)[5U] = a;
2571 /* Passing arrays by value in Rust generates a copy in C */
2572 Eurydice_slice copy_of_b[1U];
2573 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
2574 libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b);
2575 }
2576
2577 /**
2578 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
2579 with types uint64_t
2580 with const generics
2581 - N= 1
2582 - RATE= 136
2583 */
libcrux_sha3_generic_keccak_absorb_block_df0(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])2584 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0(
2585 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
2586 uint64_t(*uu____0)[5U] = s->st;
2587 Eurydice_slice uu____1[1U];
2588 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
2589 libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1);
2590 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2591 }
2592
2593 /**
2594 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
2595 with const generics
2596 - RATE= 136
2597 */
libcrux_sha3_portable_keccak_load_block_full_df0(uint64_t (* s)[5U],uint8_t blocks[1U][200U])2598 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0(
2599 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
2600 Eurydice_slice buf[1U] = {
2601 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
2602 libcrux_sha3_portable_keccak_load_block_2c0(s, buf);
2603 }
2604
2605 /**
2606 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2607 usize> for u64)}
2608 */
2609 /**
2610 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
2611 with const generics
2612 - RATE= 136
2613 */
libcrux_sha3_portable_keccak_load_block_full_5a_d20(uint64_t (* a)[5U],uint8_t b[1U][200U])2614 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20(
2615 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
2616 uint64_t(*uu____0)[5U] = a;
2617 /* Passing arrays by value in Rust generates a copy in C */
2618 uint8_t copy_of_b[1U][200U];
2619 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
2620 libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b);
2621 }
2622
2623 /**
2624 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
2625 with types uint64_t
2626 with const generics
2627 - N= 1
2628 - RATE= 136
2629 - DELIM= 6
2630 */
libcrux_sha3_generic_keccak_absorb_final_c70(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])2631 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70(
2632 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
2633 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
2634 uint8_t blocks[1U][200U] = {{0U}};
2635 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2636 size_t i0 = i;
2637 if (last_len > (size_t)0U) {
2638 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
2639 blocks[i0], (size_t)0U, last_len, uint8_t);
2640 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
2641 }
2642 blocks[i0][last_len] = 6U;
2643 size_t uu____1 = i0;
2644 size_t uu____2 = (size_t)136U - (size_t)1U;
2645 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
2646 }
2647 uint64_t(*uu____3)[5U] = s->st;
2648 uint8_t uu____4[1U][200U];
2649 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
2650 libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4);
2651 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2652 }
2653
2654 /**
2655 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
2656 with const generics
2657 - RATE= 136
2658 */
libcrux_sha3_portable_keccak_store_block_580(uint64_t (* s)[5U],Eurydice_slice out[1U])2659 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580(
2660 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
2661 for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) {
2662 size_t i0 = i;
2663 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
2664 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
2665 uint8_t ret[8U];
2666 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
2667 Eurydice_slice_copy(
2668 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
2669 }
2670 }
2671
2672 /**
2673 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
2674 with const generics
2675 - RATE= 136
2676 */
libcrux_sha3_portable_keccak_store_block_full_2d0(uint64_t (* s)[5U],uint8_t ret[1U][200U])2677 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0(
2678 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
2679 uint8_t out[200U] = {0U};
2680 Eurydice_slice buf[1U] = {
2681 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
2682 libcrux_sha3_portable_keccak_store_block_580(s, buf);
2683 /* Passing arrays by value in Rust generates a copy in C */
2684 uint8_t copy_of_out[200U];
2685 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
2686 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
2687 }
2688
2689 /**
2690 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2691 usize> for u64)}
2692 */
2693 /**
2694 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
2695 with const generics
2696 - RATE= 136
2697 */
2698 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (* a)[5U],uint8_t ret[1U][200U])2699 libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U],
2700 uint8_t ret[1U][200U]) {
2701 libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret);
2702 }
2703
2704 /**
2705 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
2706 with types uint64_t
2707 with const generics
2708 - N= 1
2709 - RATE= 136
2710 */
2711 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2712 libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(
2713 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2714 uint8_t b[1U][200U];
2715 libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b);
2716 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2717 size_t i0 = i;
2718 Eurydice_slice uu____0 = out[i0];
2719 uint8_t *uu____1 = b[i0];
2720 core_ops_range_Range_b3 lit;
2721 lit.start = (size_t)0U;
2722 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2723 Eurydice_slice_copy(
2724 uu____0,
2725 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2726 core_ops_range_Range_b3),
2727 uint8_t);
2728 }
2729 }
2730
2731 /**
2732 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
2733 usize> for u64)}
2734 */
2735 /**
2736 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
2737 with const generics
2738 - RATE= 136
2739 */
libcrux_sha3_portable_keccak_store_block_5a_590(uint64_t (* a)[5U],Eurydice_slice b[1U])2740 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590(
2741 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
2742 libcrux_sha3_portable_keccak_store_block_580(a, b);
2743 }
2744
2745 /**
2746 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
2747 with types uint64_t
2748 with const generics
2749 - N= 1
2750 - RATE= 136
2751 */
libcrux_sha3_generic_keccak_squeeze_first_block_840(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2752 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840(
2753 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2754 libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out);
2755 }
2756
2757 /**
2758 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
2759 with types uint64_t
2760 with const generics
2761 - N= 1
2762 - RATE= 136
2763 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc0(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])2764 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0(
2765 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
2766 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2767 libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out);
2768 }
2769
2770 /**
2771 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
2772 with types uint64_t
2773 with const generics
2774 - N= 1
2775 - RATE= 136
2776 */
libcrux_sha3_generic_keccak_squeeze_last_cf0(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])2777 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0(
2778 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
2779 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
2780 uint8_t b[1U][200U];
2781 libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b);
2782 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2783 size_t i0 = i;
2784 Eurydice_slice uu____0 = out[i0];
2785 uint8_t *uu____1 = b[i0];
2786 core_ops_range_Range_b3 lit;
2787 lit.start = (size_t)0U;
2788 lit.end = Eurydice_slice_len(out[i0], uint8_t);
2789 Eurydice_slice_copy(
2790 uu____0,
2791 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
2792 core_ops_range_Range_b3),
2793 uint8_t);
2794 }
2795 }
2796
2797 /**
2798 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
2799 with types uint64_t
2800 with const generics
2801 - N= 1
2802 - RATE= 136
2803 - DELIM= 6
2804 */
libcrux_sha3_generic_keccak_keccak_e90(Eurydice_slice data[1U],Eurydice_slice out[1U])2805 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90(
2806 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2807 libcrux_sha3_generic_keccak_KeccakState_48 s =
2808 libcrux_sha3_generic_keccak_new_1e_f4();
2809 for (size_t i = (size_t)0U;
2810 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
2811 size_t i0 = i;
2812 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
2813 /* Passing arrays by value in Rust generates a copy in C */
2814 Eurydice_slice copy_of_data[1U];
2815 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2816 Eurydice_slice ret[1U];
2817 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
2818 (size_t)136U, ret);
2819 libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret);
2820 }
2821 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
2822 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
2823 /* Passing arrays by value in Rust generates a copy in C */
2824 Eurydice_slice copy_of_data[1U];
2825 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2826 Eurydice_slice ret[1U];
2827 libcrux_sha3_portable_keccak_slice_n_5a(
2828 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
2829 libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret);
2830 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
2831 size_t blocks = outlen / (size_t)136U;
2832 size_t last = outlen - outlen % (size_t)136U;
2833 if (blocks == (size_t)0U) {
2834 libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out);
2835 } else {
2836 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
2837 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
2838 Eurydice_slice o0[1U];
2839 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
2840 Eurydice_slice o1[1U];
2841 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
2842 libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0);
2843 core_ops_range_Range_b3 iter =
2844 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
2845 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
2846 .end = blocks}),
2847 core_ops_range_Range_b3, core_ops_range_Range_b3);
2848 while (true) {
2849 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
2850 &iter, size_t, Option_b3)
2851 .tag == None) {
2852 break;
2853 } else {
2854 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
2855 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U);
2856 Eurydice_slice o[1U];
2857 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
2858 Eurydice_slice orest[1U];
2859 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
2860 libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o);
2861 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
2862 }
2863 }
2864 if (last < outlen) {
2865 libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1);
2866 }
2867 }
2868 }
2869
2870 /**
2871 A monomorphic instance of libcrux_sha3.portable.keccakx1
2872 with const generics
2873 - RATE= 136
2874 - DELIM= 6
2875 */
libcrux_sha3_portable_keccakx1_ce0(Eurydice_slice data[1U],Eurydice_slice out[1U])2876 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0(
2877 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2878 /* Passing arrays by value in Rust generates a copy in C */
2879 Eurydice_slice copy_of_data[1U];
2880 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2881 libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out);
2882 }
2883
2884 /**
2885 A portable SHA3 256 implementation.
2886 */
libcrux_sha3_portable_sha256(Eurydice_slice digest,Eurydice_slice data)2887 static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest,
2888 Eurydice_slice data) {
2889 Eurydice_slice buf0[1U] = {data};
2890 Eurydice_slice buf[1U] = {digest};
2891 libcrux_sha3_portable_keccakx1_ce0(buf0, buf);
2892 }
2893
2894 /**
2895 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
2896 with types uint64_t
2897 with const generics
2898 - N= 1
2899 - RATE= 136
2900 - DELIM= 31
2901 */
libcrux_sha3_generic_keccak_absorb_final_c71(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])2902 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71(
2903 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
2904 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
2905 uint8_t blocks[1U][200U] = {{0U}};
2906 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
2907 size_t i0 = i;
2908 if (last_len > (size_t)0U) {
2909 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
2910 blocks[i0], (size_t)0U, last_len, uint8_t);
2911 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
2912 }
2913 blocks[i0][last_len] = 31U;
2914 size_t uu____1 = i0;
2915 size_t uu____2 = (size_t)136U - (size_t)1U;
2916 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
2917 }
2918 uint64_t(*uu____3)[5U] = s->st;
2919 uint8_t uu____4[1U][200U];
2920 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
2921 libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4);
2922 libcrux_sha3_generic_keccak_keccakf1600_21(s);
2923 }
2924
2925 /**
2926 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
2927 with types uint64_t
2928 with const generics
2929 - N= 1
2930 - RATE= 136
2931 - DELIM= 31
2932 */
libcrux_sha3_generic_keccak_keccak_e91(Eurydice_slice data[1U],Eurydice_slice out[1U])2933 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91(
2934 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
2935 libcrux_sha3_generic_keccak_KeccakState_48 s =
2936 libcrux_sha3_generic_keccak_new_1e_f4();
2937 for (size_t i = (size_t)0U;
2938 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) {
2939 size_t i0 = i;
2940 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
2941 /* Passing arrays by value in Rust generates a copy in C */
2942 Eurydice_slice copy_of_data[1U];
2943 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2944 Eurydice_slice ret[1U];
2945 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U,
2946 (size_t)136U, ret);
2947 libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret);
2948 }
2949 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U;
2950 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
2951 /* Passing arrays by value in Rust generates a copy in C */
2952 Eurydice_slice copy_of_data[1U];
2953 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
2954 Eurydice_slice ret[1U];
2955 libcrux_sha3_portable_keccak_slice_n_5a(
2956 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
2957 libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret);
2958 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
2959 size_t blocks = outlen / (size_t)136U;
2960 size_t last = outlen - outlen % (size_t)136U;
2961 if (blocks == (size_t)0U) {
2962 libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out);
2963 } else {
2964 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
2965 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U);
2966 Eurydice_slice o0[1U];
2967 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
2968 Eurydice_slice o1[1U];
2969 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
2970 libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0);
2971 core_ops_range_Range_b3 iter =
2972 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
2973 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
2974 .end = blocks}),
2975 core_ops_range_Range_b3, core_ops_range_Range_b3);
2976 while (true) {
2977 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
2978 &iter, size_t, Option_b3)
2979 .tag == None) {
2980 break;
2981 } else {
2982 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
2983 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)136U);
2984 Eurydice_slice o[1U];
2985 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
2986 Eurydice_slice orest[1U];
2987 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
2988 libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o);
2989 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
2990 }
2991 }
2992 if (last < outlen) {
2993 libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1);
2994 }
2995 }
2996 }
2997
2998 /**
2999 A monomorphic instance of libcrux_sha3.portable.keccakx1
3000 with const generics
3001 - RATE= 136
3002 - DELIM= 31
3003 */
libcrux_sha3_portable_keccakx1_ce1(Eurydice_slice data[1U],Eurydice_slice out[1U])3004 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1(
3005 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3006 /* Passing arrays by value in Rust generates a copy in C */
3007 Eurydice_slice copy_of_data[1U];
3008 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3009 libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out);
3010 }
3011
3012 /**
3013 A portable SHAKE256 implementation.
3014 */
libcrux_sha3_portable_shake256(Eurydice_slice digest,Eurydice_slice data)3015 static KRML_MUSTINLINE void libcrux_sha3_portable_shake256(
3016 Eurydice_slice digest, Eurydice_slice data) {
3017 Eurydice_slice buf0[1U] = {data};
3018 Eurydice_slice buf[1U] = {digest};
3019 libcrux_sha3_portable_keccakx1_ce1(buf0, buf);
3020 }
3021
3022 typedef libcrux_sha3_generic_keccak_KeccakState_48
3023 libcrux_sha3_portable_KeccakState;
3024
3025 /**
3026 Create a new SHAKE-128 state object.
3027 */
3028 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_portable_incremental_shake128_init(void)3029 libcrux_sha3_portable_incremental_shake128_init(void) {
3030 return libcrux_sha3_generic_keccak_new_1e_f4();
3031 }
3032
3033 /**
3034 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
3035 with const generics
3036 - RATE= 168
3037 */
libcrux_sha3_portable_keccak_load_block_2c1(uint64_t (* s)[5U],Eurydice_slice blocks[1U])3038 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1(
3039 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
3040 for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
3041 size_t i0 = i;
3042 uint8_t uu____0[8U];
3043 Result_56 dst;
3044 Eurydice_slice_to_array2(
3045 &dst,
3046 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
3047 (size_t)8U * i0 + (size_t)8U, uint8_t),
3048 Eurydice_slice, uint8_t[8U]);
3049 unwrap_41_ac(dst, uu____0);
3050 size_t uu____1 = i0 / (size_t)5U;
3051 size_t uu____2 = i0 % (size_t)5U;
3052 s[uu____1][uu____2] =
3053 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
3054 }
3055 }
3056
3057 /**
3058 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
3059 with const generics
3060 - RATE= 168
3061 */
libcrux_sha3_portable_keccak_load_block_full_df1(uint64_t (* s)[5U],uint8_t blocks[1U][200U])3062 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1(
3063 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
3064 Eurydice_slice buf[1U] = {
3065 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
3066 libcrux_sha3_portable_keccak_load_block_2c1(s, buf);
3067 }
3068
3069 /**
3070 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3071 usize> for u64)}
3072 */
3073 /**
3074 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
3075 with const generics
3076 - RATE= 168
3077 */
libcrux_sha3_portable_keccak_load_block_full_5a_d21(uint64_t (* a)[5U],uint8_t b[1U][200U])3078 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21(
3079 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
3080 uint64_t(*uu____0)[5U] = a;
3081 /* Passing arrays by value in Rust generates a copy in C */
3082 uint8_t copy_of_b[1U][200U];
3083 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
3084 libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b);
3085 }
3086
3087 /**
3088 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
3089 with types uint64_t
3090 with const generics
3091 - N= 1
3092 - RATE= 168
3093 - DELIM= 31
3094 */
libcrux_sha3_generic_keccak_absorb_final_c72(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])3095 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72(
3096 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
3097 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
3098 uint8_t blocks[1U][200U] = {{0U}};
3099 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3100 size_t i0 = i;
3101 if (last_len > (size_t)0U) {
3102 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
3103 blocks[i0], (size_t)0U, last_len, uint8_t);
3104 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
3105 }
3106 blocks[i0][last_len] = 31U;
3107 size_t uu____1 = i0;
3108 size_t uu____2 = (size_t)168U - (size_t)1U;
3109 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
3110 }
3111 uint64_t(*uu____3)[5U] = s->st;
3112 uint8_t uu____4[1U][200U];
3113 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
3114 libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4);
3115 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3116 }
3117
3118 /**
3119 Absorb
3120 */
3121 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_absorb_final(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice data0)3122 libcrux_sha3_portable_incremental_shake128_absorb_final(
3123 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) {
3124 Eurydice_slice buf[1U] = {data0};
3125 libcrux_sha3_generic_keccak_absorb_final_c72(s, buf);
3126 }
3127
3128 /**
3129 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
3130 with const generics
3131 - RATE= 168
3132 */
libcrux_sha3_portable_keccak_store_block_581(uint64_t (* s)[5U],Eurydice_slice out[1U])3133 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581(
3134 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
3135 for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) {
3136 size_t i0 = i;
3137 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
3138 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
3139 uint8_t ret[8U];
3140 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
3141 Eurydice_slice_copy(
3142 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
3143 }
3144 }
3145
3146 /**
3147 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3148 usize> for u64)}
3149 */
3150 /**
3151 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
3152 with const generics
3153 - RATE= 168
3154 */
libcrux_sha3_portable_keccak_store_block_5a_591(uint64_t (* a)[5U],Eurydice_slice b[1U])3155 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591(
3156 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3157 libcrux_sha3_portable_keccak_store_block_581(a, b);
3158 }
3159
3160 /**
3161 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
3162 with types uint64_t
3163 with const generics
3164 - N= 1
3165 - RATE= 168
3166 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc1(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3167 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1(
3168 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3169 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3170 libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out);
3171 }
3172
3173 /**
3174 Squeeze another block
3175 */
3176 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_next_block(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out0)3177 libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
3178 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
3179 Eurydice_slice buf[1U] = {out0};
3180 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, buf);
3181 }
3182
3183 /**
3184 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
3185 with types uint64_t
3186 with const generics
3187 - N= 1
3188 - RATE= 168
3189 */
libcrux_sha3_generic_keccak_squeeze_first_block_841(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3190 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841(
3191 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3192 libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out);
3193 }
3194
3195 /**
3196 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks
3197 with types uint64_t
3198 with const generics
3199 - N= 1
3200 - RATE= 168
3201 */
3202 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3203 libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(
3204 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3205 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
3206 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
3207 Eurydice_slice o0[1U];
3208 memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
3209 Eurydice_slice o10[1U];
3210 memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
3211 libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0);
3212 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
3213 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
3214 Eurydice_slice o1[1U];
3215 memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
3216 Eurydice_slice o2[1U];
3217 memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
3218 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1);
3219 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2);
3220 }
3221
3222 /**
3223 Squeeze three blocks
3224 */
3225 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out0)3226 libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
3227 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
3228 Eurydice_slice buf[1U] = {out0};
3229 libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf);
3230 }
3231
3232 #define libcrux_sha3_Sha224 0
3233 #define libcrux_sha3_Sha256 1
3234 #define libcrux_sha3_Sha384 2
3235 #define libcrux_sha3_Sha512 3
3236
3237 typedef uint8_t libcrux_sha3_Algorithm;
3238
3239 /**
3240 Returns the output size of a digest.
3241 */
libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode)3242 static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) {
3243 size_t uu____0;
3244 switch (mode) {
3245 case libcrux_sha3_Sha224: {
3246 uu____0 = (size_t)28U;
3247 break;
3248 }
3249 case libcrux_sha3_Sha256: {
3250 uu____0 = (size_t)32U;
3251 break;
3252 }
3253 case libcrux_sha3_Sha384: {
3254 uu____0 = (size_t)48U;
3255 break;
3256 }
3257 case libcrux_sha3_Sha512: {
3258 uu____0 = (size_t)64U;
3259 break;
3260 }
3261 default: {
3262 KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
3263 __LINE__);
3264 KRML_HOST_EXIT(253U);
3265 }
3266 }
3267 return uu____0;
3268 }
3269
3270 /**
3271 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
3272 with const generics
3273 - RATE= 144
3274 */
libcrux_sha3_portable_keccak_load_block_2c2(uint64_t (* s)[5U],Eurydice_slice blocks[1U])3275 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2(
3276 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
3277 for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
3278 size_t i0 = i;
3279 uint8_t uu____0[8U];
3280 Result_56 dst;
3281 Eurydice_slice_to_array2(
3282 &dst,
3283 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
3284 (size_t)8U * i0 + (size_t)8U, uint8_t),
3285 Eurydice_slice, uint8_t[8U]);
3286 unwrap_41_ac(dst, uu____0);
3287 size_t uu____1 = i0 / (size_t)5U;
3288 size_t uu____2 = i0 % (size_t)5U;
3289 s[uu____1][uu____2] =
3290 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
3291 }
3292 }
3293
3294 /**
3295 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3296 usize> for u64)}
3297 */
3298 /**
3299 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
3300 with const generics
3301 - RATE= 144
3302 */
libcrux_sha3_portable_keccak_load_block_5a_b81(uint64_t (* a)[5U],Eurydice_slice b[1U])3303 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81(
3304 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3305 uint64_t(*uu____0)[5U] = a;
3306 /* Passing arrays by value in Rust generates a copy in C */
3307 Eurydice_slice copy_of_b[1U];
3308 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
3309 libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b);
3310 }
3311
3312 /**
3313 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
3314 with types uint64_t
3315 with const generics
3316 - N= 1
3317 - RATE= 144
3318 */
libcrux_sha3_generic_keccak_absorb_block_df1(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])3319 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1(
3320 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
3321 uint64_t(*uu____0)[5U] = s->st;
3322 Eurydice_slice uu____1[1U];
3323 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
3324 libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1);
3325 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3326 }
3327
3328 /**
3329 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
3330 with const generics
3331 - RATE= 144
3332 */
libcrux_sha3_portable_keccak_load_block_full_df2(uint64_t (* s)[5U],uint8_t blocks[1U][200U])3333 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2(
3334 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
3335 Eurydice_slice buf[1U] = {
3336 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
3337 libcrux_sha3_portable_keccak_load_block_2c2(s, buf);
3338 }
3339
3340 /**
3341 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3342 usize> for u64)}
3343 */
3344 /**
3345 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
3346 with const generics
3347 - RATE= 144
3348 */
libcrux_sha3_portable_keccak_load_block_full_5a_d22(uint64_t (* a)[5U],uint8_t b[1U][200U])3349 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22(
3350 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
3351 uint64_t(*uu____0)[5U] = a;
3352 /* Passing arrays by value in Rust generates a copy in C */
3353 uint8_t copy_of_b[1U][200U];
3354 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
3355 libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b);
3356 }
3357
3358 /**
3359 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
3360 with types uint64_t
3361 with const generics
3362 - N= 1
3363 - RATE= 144
3364 - DELIM= 6
3365 */
libcrux_sha3_generic_keccak_absorb_final_c73(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])3366 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73(
3367 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
3368 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
3369 uint8_t blocks[1U][200U] = {{0U}};
3370 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3371 size_t i0 = i;
3372 if (last_len > (size_t)0U) {
3373 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
3374 blocks[i0], (size_t)0U, last_len, uint8_t);
3375 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
3376 }
3377 blocks[i0][last_len] = 6U;
3378 size_t uu____1 = i0;
3379 size_t uu____2 = (size_t)144U - (size_t)1U;
3380 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
3381 }
3382 uint64_t(*uu____3)[5U] = s->st;
3383 uint8_t uu____4[1U][200U];
3384 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
3385 libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4);
3386 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3387 }
3388
3389 /**
3390 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
3391 with const generics
3392 - RATE= 144
3393 */
libcrux_sha3_portable_keccak_store_block_582(uint64_t (* s)[5U],Eurydice_slice out[1U])3394 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582(
3395 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
3396 for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) {
3397 size_t i0 = i;
3398 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
3399 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
3400 uint8_t ret[8U];
3401 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
3402 Eurydice_slice_copy(
3403 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
3404 }
3405 }
3406
3407 /**
3408 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
3409 with const generics
3410 - RATE= 144
3411 */
libcrux_sha3_portable_keccak_store_block_full_2d1(uint64_t (* s)[5U],uint8_t ret[1U][200U])3412 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1(
3413 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
3414 uint8_t out[200U] = {0U};
3415 Eurydice_slice buf[1U] = {
3416 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
3417 libcrux_sha3_portable_keccak_store_block_582(s, buf);
3418 /* Passing arrays by value in Rust generates a copy in C */
3419 uint8_t copy_of_out[200U];
3420 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
3421 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
3422 }
3423
3424 /**
3425 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3426 usize> for u64)}
3427 */
3428 /**
3429 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
3430 with const generics
3431 - RATE= 144
3432 */
3433 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (* a)[5U],uint8_t ret[1U][200U])3434 libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U],
3435 uint8_t ret[1U][200U]) {
3436 libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret);
3437 }
3438
3439 /**
3440 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
3441 with types uint64_t
3442 with const generics
3443 - N= 1
3444 - RATE= 144
3445 */
3446 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3447 libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(
3448 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3449 uint8_t b[1U][200U];
3450 libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b);
3451 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3452 size_t i0 = i;
3453 Eurydice_slice uu____0 = out[i0];
3454 uint8_t *uu____1 = b[i0];
3455 core_ops_range_Range_b3 lit;
3456 lit.start = (size_t)0U;
3457 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3458 Eurydice_slice_copy(
3459 uu____0,
3460 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3461 core_ops_range_Range_b3),
3462 uint8_t);
3463 }
3464 }
3465
3466 /**
3467 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3468 usize> for u64)}
3469 */
3470 /**
3471 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
3472 with const generics
3473 - RATE= 144
3474 */
libcrux_sha3_portable_keccak_store_block_5a_592(uint64_t (* a)[5U],Eurydice_slice b[1U])3475 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592(
3476 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3477 libcrux_sha3_portable_keccak_store_block_582(a, b);
3478 }
3479
3480 /**
3481 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
3482 with types uint64_t
3483 with const generics
3484 - N= 1
3485 - RATE= 144
3486 */
libcrux_sha3_generic_keccak_squeeze_first_block_842(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3487 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842(
3488 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3489 libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out);
3490 }
3491
3492 /**
3493 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
3494 with types uint64_t
3495 with const generics
3496 - N= 1
3497 - RATE= 144
3498 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc2(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3499 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2(
3500 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3501 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3502 libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out);
3503 }
3504
3505 /**
3506 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
3507 with types uint64_t
3508 with const generics
3509 - N= 1
3510 - RATE= 144
3511 */
libcrux_sha3_generic_keccak_squeeze_last_cf1(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])3512 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1(
3513 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
3514 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
3515 uint8_t b[1U][200U];
3516 libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b);
3517 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3518 size_t i0 = i;
3519 Eurydice_slice uu____0 = out[i0];
3520 uint8_t *uu____1 = b[i0];
3521 core_ops_range_Range_b3 lit;
3522 lit.start = (size_t)0U;
3523 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3524 Eurydice_slice_copy(
3525 uu____0,
3526 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3527 core_ops_range_Range_b3),
3528 uint8_t);
3529 }
3530 }
3531
3532 /**
3533 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
3534 with types uint64_t
3535 with const generics
3536 - N= 1
3537 - RATE= 144
3538 - DELIM= 6
3539 */
libcrux_sha3_generic_keccak_keccak_e92(Eurydice_slice data[1U],Eurydice_slice out[1U])3540 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92(
3541 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3542 libcrux_sha3_generic_keccak_KeccakState_48 s =
3543 libcrux_sha3_generic_keccak_new_1e_f4();
3544 for (size_t i = (size_t)0U;
3545 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) {
3546 size_t i0 = i;
3547 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
3548 /* Passing arrays by value in Rust generates a copy in C */
3549 Eurydice_slice copy_of_data[1U];
3550 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3551 Eurydice_slice ret[1U];
3552 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U,
3553 (size_t)144U, ret);
3554 libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret);
3555 }
3556 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U;
3557 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
3558 /* Passing arrays by value in Rust generates a copy in C */
3559 Eurydice_slice copy_of_data[1U];
3560 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3561 Eurydice_slice ret[1U];
3562 libcrux_sha3_portable_keccak_slice_n_5a(
3563 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
3564 libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret);
3565 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
3566 size_t blocks = outlen / (size_t)144U;
3567 size_t last = outlen - outlen % (size_t)144U;
3568 if (blocks == (size_t)0U) {
3569 libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out);
3570 } else {
3571 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
3572 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U);
3573 Eurydice_slice o0[1U];
3574 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
3575 Eurydice_slice o1[1U];
3576 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
3577 libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0);
3578 core_ops_range_Range_b3 iter =
3579 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
3580 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
3581 .end = blocks}),
3582 core_ops_range_Range_b3, core_ops_range_Range_b3);
3583 while (true) {
3584 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
3585 &iter, size_t, Option_b3)
3586 .tag == None) {
3587 break;
3588 } else {
3589 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
3590 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U);
3591 Eurydice_slice o[1U];
3592 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
3593 Eurydice_slice orest[1U];
3594 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
3595 libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o);
3596 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
3597 }
3598 }
3599 if (last < outlen) {
3600 libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1);
3601 }
3602 }
3603 }
3604
3605 /**
3606 A monomorphic instance of libcrux_sha3.portable.keccakx1
3607 with const generics
3608 - RATE= 144
3609 - DELIM= 6
3610 */
libcrux_sha3_portable_keccakx1_ce2(Eurydice_slice data[1U],Eurydice_slice out[1U])3611 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2(
3612 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3613 /* Passing arrays by value in Rust generates a copy in C */
3614 Eurydice_slice copy_of_data[1U];
3615 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3616 libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out);
3617 }
3618
3619 /**
3620 A portable SHA3 224 implementation.
3621 */
libcrux_sha3_portable_sha224(Eurydice_slice digest,Eurydice_slice data)3622 static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
3623 Eurydice_slice data) {
3624 Eurydice_slice buf0[1U] = {data};
3625 Eurydice_slice buf[1U] = {digest};
3626 libcrux_sha3_portable_keccakx1_ce2(buf0, buf);
3627 }
3628
3629 /**
3630 A monomorphic instance of libcrux_sha3.portable_keccak.load_block
3631 with const generics
3632 - RATE= 104
3633 */
libcrux_sha3_portable_keccak_load_block_2c3(uint64_t (* s)[5U],Eurydice_slice blocks[1U])3634 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3(
3635 uint64_t (*s)[5U], Eurydice_slice blocks[1U]) {
3636 for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
3637 size_t i0 = i;
3638 uint8_t uu____0[8U];
3639 Result_56 dst;
3640 Eurydice_slice_to_array2(
3641 &dst,
3642 Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0,
3643 (size_t)8U * i0 + (size_t)8U, uint8_t),
3644 Eurydice_slice, uint8_t[8U]);
3645 unwrap_41_ac(dst, uu____0);
3646 size_t uu____1 = i0 / (size_t)5U;
3647 size_t uu____2 = i0 % (size_t)5U;
3648 s[uu____1][uu____2] =
3649 s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0);
3650 }
3651 }
3652
3653 /**
3654 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3655 usize> for u64)}
3656 */
3657 /**
3658 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
3659 with const generics
3660 - RATE= 104
3661 */
libcrux_sha3_portable_keccak_load_block_5a_b82(uint64_t (* a)[5U],Eurydice_slice b[1U])3662 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82(
3663 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3664 uint64_t(*uu____0)[5U] = a;
3665 /* Passing arrays by value in Rust generates a copy in C */
3666 Eurydice_slice copy_of_b[1U];
3667 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
3668 libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b);
3669 }
3670
3671 /**
3672 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
3673 with types uint64_t
3674 with const generics
3675 - N= 1
3676 - RATE= 104
3677 */
libcrux_sha3_generic_keccak_absorb_block_df2(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])3678 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2(
3679 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
3680 uint64_t(*uu____0)[5U] = s->st;
3681 Eurydice_slice uu____1[1U];
3682 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
3683 libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1);
3684 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3685 }
3686
3687 /**
3688 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full
3689 with const generics
3690 - RATE= 104
3691 */
libcrux_sha3_portable_keccak_load_block_full_df3(uint64_t (* s)[5U],uint8_t blocks[1U][200U])3692 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3(
3693 uint64_t (*s)[5U], uint8_t blocks[1U][200U]) {
3694 Eurydice_slice buf[1U] = {
3695 Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)};
3696 libcrux_sha3_portable_keccak_load_block_2c3(s, buf);
3697 }
3698
3699 /**
3700 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3701 usize> for u64)}
3702 */
3703 /**
3704 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a
3705 with const generics
3706 - RATE= 104
3707 */
libcrux_sha3_portable_keccak_load_block_full_5a_d23(uint64_t (* a)[5U],uint8_t b[1U][200U])3708 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23(
3709 uint64_t (*a)[5U], uint8_t b[1U][200U]) {
3710 uint64_t(*uu____0)[5U] = a;
3711 /* Passing arrays by value in Rust generates a copy in C */
3712 uint8_t copy_of_b[1U][200U];
3713 memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U]));
3714 libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b);
3715 }
3716
3717 /**
3718 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final
3719 with types uint64_t
3720 with const generics
3721 - N= 1
3722 - RATE= 104
3723 - DELIM= 6
3724 */
libcrux_sha3_generic_keccak_absorb_final_c74(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice last[1U])3725 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74(
3726 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
3727 size_t last_len = Eurydice_slice_len(last[0U], uint8_t);
3728 uint8_t blocks[1U][200U] = {{0U}};
3729 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3730 size_t i0 = i;
3731 if (last_len > (size_t)0U) {
3732 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
3733 blocks[i0], (size_t)0U, last_len, uint8_t);
3734 Eurydice_slice_copy(uu____0, last[i0], uint8_t);
3735 }
3736 blocks[i0][last_len] = 6U;
3737 size_t uu____1 = i0;
3738 size_t uu____2 = (size_t)104U - (size_t)1U;
3739 blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;
3740 }
3741 uint64_t(*uu____3)[5U] = s->st;
3742 uint8_t uu____4[1U][200U];
3743 memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U]));
3744 libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4);
3745 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3746 }
3747
3748 /**
3749 A monomorphic instance of libcrux_sha3.portable_keccak.store_block
3750 with const generics
3751 - RATE= 104
3752 */
libcrux_sha3_portable_keccak_store_block_583(uint64_t (* s)[5U],Eurydice_slice out[1U])3753 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583(
3754 uint64_t (*s)[5U], Eurydice_slice out[1U]) {
3755 for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) {
3756 size_t i0 = i;
3757 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
3758 out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t);
3759 uint8_t ret[8U];
3760 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
3761 Eurydice_slice_copy(
3762 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
3763 }
3764 }
3765
3766 /**
3767 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
3768 with const generics
3769 - RATE= 104
3770 */
libcrux_sha3_portable_keccak_store_block_full_2d2(uint64_t (* s)[5U],uint8_t ret[1U][200U])3771 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2(
3772 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
3773 uint8_t out[200U] = {0U};
3774 Eurydice_slice buf[1U] = {
3775 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
3776 libcrux_sha3_portable_keccak_store_block_583(s, buf);
3777 /* Passing arrays by value in Rust generates a copy in C */
3778 uint8_t copy_of_out[200U];
3779 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
3780 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
3781 }
3782
3783 /**
3784 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3785 usize> for u64)}
3786 */
3787 /**
3788 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
3789 with const generics
3790 - RATE= 104
3791 */
3792 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (* a)[5U],uint8_t ret[1U][200U])3793 libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U],
3794 uint8_t ret[1U][200U]) {
3795 libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret);
3796 }
3797
3798 /**
3799 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
3800 with types uint64_t
3801 with const generics
3802 - N= 1
3803 - RATE= 104
3804 */
3805 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3806 libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(
3807 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3808 uint8_t b[1U][200U];
3809 libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b);
3810 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3811 size_t i0 = i;
3812 Eurydice_slice uu____0 = out[i0];
3813 uint8_t *uu____1 = b[i0];
3814 core_ops_range_Range_b3 lit;
3815 lit.start = (size_t)0U;
3816 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3817 Eurydice_slice_copy(
3818 uu____0,
3819 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3820 core_ops_range_Range_b3),
3821 uint8_t);
3822 }
3823 }
3824
3825 /**
3826 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
3827 usize> for u64)}
3828 */
3829 /**
3830 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a
3831 with const generics
3832 - RATE= 104
3833 */
libcrux_sha3_portable_keccak_store_block_5a_593(uint64_t (* a)[5U],Eurydice_slice b[1U])3834 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593(
3835 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
3836 libcrux_sha3_portable_keccak_store_block_583(a, b);
3837 }
3838
3839 /**
3840 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block
3841 with types uint64_t
3842 with const generics
3843 - N= 1
3844 - RATE= 104
3845 */
libcrux_sha3_generic_keccak_squeeze_first_block_843(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3846 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843(
3847 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3848 libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out);
3849 }
3850
3851 /**
3852 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block
3853 with types uint64_t
3854 with const generics
3855 - N= 1
3856 - RATE= 104
3857 */
libcrux_sha3_generic_keccak_squeeze_next_block_fc3(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])3858 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3(
3859 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
3860 libcrux_sha3_generic_keccak_keccakf1600_21(s);
3861 libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out);
3862 }
3863
3864 /**
3865 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
3866 with types uint64_t
3867 with const generics
3868 - N= 1
3869 - RATE= 104
3870 */
libcrux_sha3_generic_keccak_squeeze_last_cf2(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])3871 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2(
3872 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
3873 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
3874 uint8_t b[1U][200U];
3875 libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b);
3876 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
3877 size_t i0 = i;
3878 Eurydice_slice uu____0 = out[i0];
3879 uint8_t *uu____1 = b[i0];
3880 core_ops_range_Range_b3 lit;
3881 lit.start = (size_t)0U;
3882 lit.end = Eurydice_slice_len(out[i0], uint8_t);
3883 Eurydice_slice_copy(
3884 uu____0,
3885 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
3886 core_ops_range_Range_b3),
3887 uint8_t);
3888 }
3889 }
3890
3891 /**
3892 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
3893 with types uint64_t
3894 with const generics
3895 - N= 1
3896 - RATE= 104
3897 - DELIM= 6
3898 */
libcrux_sha3_generic_keccak_keccak_e93(Eurydice_slice data[1U],Eurydice_slice out[1U])3899 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93(
3900 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3901 libcrux_sha3_generic_keccak_KeccakState_48 s =
3902 libcrux_sha3_generic_keccak_new_1e_f4();
3903 for (size_t i = (size_t)0U;
3904 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) {
3905 size_t i0 = i;
3906 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
3907 /* Passing arrays by value in Rust generates a copy in C */
3908 Eurydice_slice copy_of_data[1U];
3909 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3910 Eurydice_slice ret[1U];
3911 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U,
3912 (size_t)104U, ret);
3913 libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret);
3914 }
3915 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U;
3916 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
3917 /* Passing arrays by value in Rust generates a copy in C */
3918 Eurydice_slice copy_of_data[1U];
3919 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3920 Eurydice_slice ret[1U];
3921 libcrux_sha3_portable_keccak_slice_n_5a(
3922 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
3923 libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret);
3924 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
3925 size_t blocks = outlen / (size_t)104U;
3926 size_t last = outlen - outlen % (size_t)104U;
3927 if (blocks == (size_t)0U) {
3928 libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out);
3929 } else {
3930 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
3931 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U);
3932 Eurydice_slice o0[1U];
3933 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
3934 Eurydice_slice o1[1U];
3935 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
3936 libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0);
3937 core_ops_range_Range_b3 iter =
3938 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
3939 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
3940 .end = blocks}),
3941 core_ops_range_Range_b3, core_ops_range_Range_b3);
3942 while (true) {
3943 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
3944 &iter, size_t, Option_b3)
3945 .tag == None) {
3946 break;
3947 } else {
3948 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
3949 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U);
3950 Eurydice_slice o[1U];
3951 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
3952 Eurydice_slice orest[1U];
3953 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
3954 libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o);
3955 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
3956 }
3957 }
3958 if (last < outlen) {
3959 libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1);
3960 }
3961 }
3962 }
3963
3964 /**
3965 A monomorphic instance of libcrux_sha3.portable.keccakx1
3966 with const generics
3967 - RATE= 104
3968 - DELIM= 6
3969 */
libcrux_sha3_portable_keccakx1_ce3(Eurydice_slice data[1U],Eurydice_slice out[1U])3970 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3(
3971 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
3972 /* Passing arrays by value in Rust generates a copy in C */
3973 Eurydice_slice copy_of_data[1U];
3974 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
3975 libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out);
3976 }
3977
3978 /**
3979 A portable SHA3 384 implementation.
3980 */
libcrux_sha3_portable_sha384(Eurydice_slice digest,Eurydice_slice data)3981 static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
3982 Eurydice_slice data) {
3983 Eurydice_slice buf0[1U] = {data};
3984 Eurydice_slice buf[1U] = {digest};
3985 libcrux_sha3_portable_keccakx1_ce3(buf0, buf);
3986 }
3987
3988 /**
3989 SHA3 224
3990
3991 Preconditions:
3992 - `digest.len() == 28`
3993 */
libcrux_sha3_sha224_ema(Eurydice_slice digest,Eurydice_slice payload)3994 static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest,
3995 Eurydice_slice payload) {
3996 libcrux_sha3_portable_sha224(digest, payload);
3997 }
3998
3999 /**
4000 SHA3 224
4001 */
libcrux_sha3_sha224(Eurydice_slice data,uint8_t ret[28U])4002 static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data,
4003 uint8_t ret[28U]) {
4004 uint8_t out[28U] = {0U};
4005 libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t),
4006 data);
4007 memcpy(ret, out, (size_t)28U * sizeof(uint8_t));
4008 }
4009
4010 /**
4011 SHA3 256
4012 */
libcrux_sha3_sha256_ema(Eurydice_slice digest,Eurydice_slice payload)4013 static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest,
4014 Eurydice_slice payload) {
4015 libcrux_sha3_portable_sha256(digest, payload);
4016 }
4017
4018 /**
4019 SHA3 256
4020 */
libcrux_sha3_sha256(Eurydice_slice data,uint8_t ret[32U])4021 static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data,
4022 uint8_t ret[32U]) {
4023 uint8_t out[32U] = {0U};
4024 libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
4025 data);
4026 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
4027 }
4028
4029 /**
4030 SHA3 384
4031 */
libcrux_sha3_sha384_ema(Eurydice_slice digest,Eurydice_slice payload)4032 static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest,
4033 Eurydice_slice payload) {
4034 libcrux_sha3_portable_sha384(digest, payload);
4035 }
4036
4037 /**
4038 SHA3 384
4039 */
libcrux_sha3_sha384(Eurydice_slice data,uint8_t ret[48U])4040 static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data,
4041 uint8_t ret[48U]) {
4042 uint8_t out[48U] = {0U};
4043 libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t),
4044 data);
4045 memcpy(ret, out, (size_t)48U * sizeof(uint8_t));
4046 }
4047
4048 /**
4049 SHA3 512
4050 */
libcrux_sha3_sha512_ema(Eurydice_slice digest,Eurydice_slice payload)4051 static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest,
4052 Eurydice_slice payload) {
4053 libcrux_sha3_portable_sha512(digest, payload);
4054 }
4055
4056 /**
4057 SHA3 512
4058 */
libcrux_sha3_sha512(Eurydice_slice data,uint8_t ret[64U])4059 static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data,
4060 uint8_t ret[64U]) {
4061 uint8_t out[64U] = {0U};
4062 libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t),
4063 data);
4064 memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
4065 }
4066
4067 /**
4068 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
4069 usize> for u64)}
4070 */
4071 /**
4072 A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a
4073 with const generics
4074 - RATE= 168
4075 */
libcrux_sha3_portable_keccak_load_block_5a_b83(uint64_t (* a)[5U],Eurydice_slice b[1U])4076 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83(
4077 uint64_t (*a)[5U], Eurydice_slice b[1U]) {
4078 uint64_t(*uu____0)[5U] = a;
4079 /* Passing arrays by value in Rust generates a copy in C */
4080 Eurydice_slice copy_of_b[1U];
4081 memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice));
4082 libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b);
4083 }
4084
4085 /**
4086 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block
4087 with types uint64_t
4088 with const generics
4089 - N= 1
4090 - RATE= 168
4091 */
libcrux_sha3_generic_keccak_absorb_block_df3(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice blocks[1U])4092 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3(
4093 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) {
4094 uint64_t(*uu____0)[5U] = s->st;
4095 Eurydice_slice uu____1[1U];
4096 memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice));
4097 libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1);
4098 libcrux_sha3_generic_keccak_keccakf1600_21(s);
4099 }
4100
4101 /**
4102 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full
4103 with const generics
4104 - RATE= 168
4105 */
libcrux_sha3_portable_keccak_store_block_full_2d3(uint64_t (* s)[5U],uint8_t ret[1U][200U])4106 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3(
4107 uint64_t (*s)[5U], uint8_t ret[1U][200U]) {
4108 uint8_t out[200U] = {0U};
4109 Eurydice_slice buf[1U] = {
4110 Eurydice_array_to_slice((size_t)200U, out, uint8_t)};
4111 libcrux_sha3_portable_keccak_store_block_581(s, buf);
4112 /* Passing arrays by value in Rust generates a copy in C */
4113 uint8_t copy_of_out[200U];
4114 memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t));
4115 memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t));
4116 }
4117
4118 /**
4119 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
4120 usize> for u64)}
4121 */
4122 /**
4123 A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a
4124 with const generics
4125 - RATE= 168
4126 */
4127 static KRML_MUSTINLINE void
libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (* a)[5U],uint8_t ret[1U][200U])4128 libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U],
4129 uint8_t ret[1U][200U]) {
4130 libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret);
4131 }
4132
4133 /**
4134 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last
4135 with types uint64_t
4136 with const generics
4137 - N= 1
4138 - RATE= 168
4139 */
4140 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])4141 libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(
4142 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
4143 uint8_t b[1U][200U];
4144 libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b);
4145 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4146 size_t i0 = i;
4147 Eurydice_slice uu____0 = out[i0];
4148 uint8_t *uu____1 = b[i0];
4149 core_ops_range_Range_b3 lit;
4150 lit.start = (size_t)0U;
4151 lit.end = Eurydice_slice_len(out[i0], uint8_t);
4152 Eurydice_slice_copy(
4153 uu____0,
4154 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
4155 core_ops_range_Range_b3),
4156 uint8_t);
4157 }
4158 }
4159
4160 /**
4161 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last
4162 with types uint64_t
4163 with const generics
4164 - N= 1
4165 - RATE= 168
4166 */
libcrux_sha3_generic_keccak_squeeze_last_cf3(libcrux_sha3_generic_keccak_KeccakState_48 s,Eurydice_slice out[1U])4167 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3(
4168 libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) {
4169 libcrux_sha3_generic_keccak_keccakf1600_21(&s);
4170 uint8_t b[1U][200U];
4171 libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b);
4172 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4173 size_t i0 = i;
4174 Eurydice_slice uu____0 = out[i0];
4175 uint8_t *uu____1 = b[i0];
4176 core_ops_range_Range_b3 lit;
4177 lit.start = (size_t)0U;
4178 lit.end = Eurydice_slice_len(out[i0], uint8_t);
4179 Eurydice_slice_copy(
4180 uu____0,
4181 Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t,
4182 core_ops_range_Range_b3),
4183 uint8_t);
4184 }
4185 }
4186
4187 /**
4188 A monomorphic instance of libcrux_sha3.generic_keccak.keccak
4189 with types uint64_t
4190 with const generics
4191 - N= 1
4192 - RATE= 168
4193 - DELIM= 31
4194 */
libcrux_sha3_generic_keccak_keccak_e94(Eurydice_slice data[1U],Eurydice_slice out[1U])4195 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94(
4196 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
4197 libcrux_sha3_generic_keccak_KeccakState_48 s =
4198 libcrux_sha3_generic_keccak_new_1e_f4();
4199 for (size_t i = (size_t)0U;
4200 i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) {
4201 size_t i0 = i;
4202 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
4203 /* Passing arrays by value in Rust generates a copy in C */
4204 Eurydice_slice copy_of_data[1U];
4205 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
4206 Eurydice_slice ret[1U];
4207 libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U,
4208 (size_t)168U, ret);
4209 libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret);
4210 }
4211 size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U;
4212 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
4213 /* Passing arrays by value in Rust generates a copy in C */
4214 Eurydice_slice copy_of_data[1U];
4215 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
4216 Eurydice_slice ret[1U];
4217 libcrux_sha3_portable_keccak_slice_n_5a(
4218 copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret);
4219 libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret);
4220 size_t outlen = Eurydice_slice_len(out[0U], uint8_t);
4221 size_t blocks = outlen / (size_t)168U;
4222 size_t last = outlen - outlen % (size_t)168U;
4223 if (blocks == (size_t)0U) {
4224 libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out);
4225 } else {
4226 Eurydice_slice_uint8_t_1size_t__x2 uu____4 =
4227 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
4228 Eurydice_slice o0[1U];
4229 memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice));
4230 Eurydice_slice o1[1U];
4231 memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice));
4232 libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0);
4233 core_ops_range_Range_b3 iter =
4234 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
4235 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
4236 .end = blocks}),
4237 core_ops_range_Range_b3, core_ops_range_Range_b3);
4238 while (true) {
4239 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
4240 &iter, size_t, Option_b3)
4241 .tag == None) {
4242 break;
4243 } else {
4244 Eurydice_slice_uint8_t_1size_t__x2 uu____5 =
4245 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U);
4246 Eurydice_slice o[1U];
4247 memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice));
4248 Eurydice_slice orest[1U];
4249 memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice));
4250 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o);
4251 memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice));
4252 }
4253 }
4254 if (last < outlen) {
4255 libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1);
4256 }
4257 }
4258 }
4259
4260 /**
4261 A monomorphic instance of libcrux_sha3.portable.keccakx1
4262 with const generics
4263 - RATE= 168
4264 - DELIM= 31
4265 */
libcrux_sha3_portable_keccakx1_ce4(Eurydice_slice data[1U],Eurydice_slice out[1U])4266 static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4(
4267 Eurydice_slice data[1U], Eurydice_slice out[1U]) {
4268 /* Passing arrays by value in Rust generates a copy in C */
4269 Eurydice_slice copy_of_data[1U];
4270 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
4271 libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out);
4272 }
4273
4274 /**
4275 A portable SHAKE128 implementation.
4276 */
libcrux_sha3_portable_shake128(Eurydice_slice digest,Eurydice_slice data)4277 static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
4278 Eurydice_slice digest, Eurydice_slice data) {
4279 Eurydice_slice buf0[1U] = {data};
4280 Eurydice_slice buf[1U] = {digest};
4281 libcrux_sha3_portable_keccakx1_ce4(buf0, buf);
4282 }
4283
4284 /**
4285 SHAKE 128
4286
4287 Writes `out.len()` bytes.
4288 */
libcrux_sha3_shake128_ema(Eurydice_slice out,Eurydice_slice data)4289 static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out,
4290 Eurydice_slice data) {
4291 libcrux_sha3_portable_shake128(out, data);
4292 }
4293
4294 /**
4295 SHAKE 256
4296
4297 Writes `out.len()` bytes.
4298 */
libcrux_sha3_shake256_ema(Eurydice_slice out,Eurydice_slice data)4299 static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out,
4300 Eurydice_slice data) {
4301 libcrux_sha3_portable_shake256(out, data);
4302 }
4303
4304 static const size_t libcrux_sha3_generic_keccak__PI[24U] = {
4305 (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U,
4306 (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U,
4307 (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U,
4308 (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U,
4309 (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U};
4310
4311 static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = {
4312 (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U,
4313 (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U,
4314 (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U,
4315 (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U,
4316 (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U};
4317
4318 /**
4319 A portable SHA3 224 implementation.
4320 */
libcrux_sha3_neon_sha224(Eurydice_slice digest,Eurydice_slice data)4321 static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest,
4322 Eurydice_slice data) {
4323 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4324 "panic!");
4325 KRML_HOST_EXIT(255U);
4326 }
4327
4328 /**
4329 A portable SHA3 256 implementation.
4330 */
libcrux_sha3_neon_sha256(Eurydice_slice digest,Eurydice_slice data)4331 static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest,
4332 Eurydice_slice data) {
4333 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4334 "panic!");
4335 KRML_HOST_EXIT(255U);
4336 }
4337
4338 /**
4339 A portable SHA3 384 implementation.
4340 */
libcrux_sha3_neon_sha384(Eurydice_slice digest,Eurydice_slice data)4341 static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest,
4342 Eurydice_slice data) {
4343 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4344 "panic!");
4345 KRML_HOST_EXIT(255U);
4346 }
4347
4348 /**
4349 A portable SHA3 512 implementation.
4350 */
libcrux_sha3_neon_sha512(Eurydice_slice digest,Eurydice_slice data)4351 static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest,
4352 Eurydice_slice data) {
4353 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4354 "panic!");
4355 KRML_HOST_EXIT(255U);
4356 }
4357
4358 /**
4359 Run SHAKE256 on both inputs in parallel.
4360
4361 Writes the two results into `out0` and `out1`
4362 */
libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,Eurydice_slice input1,Eurydice_slice out0,Eurydice_slice out1)4363 static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0,
4364 Eurydice_slice input1,
4365 Eurydice_slice out0,
4366 Eurydice_slice out1) {
4367 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4368 "panic!");
4369 KRML_HOST_EXIT(255U);
4370 }
4371
4372 typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
4373 libcrux_sha3_generic_keccak_KeccakState_48 state[2U];
4374 } libcrux_sha3_neon_x2_incremental_KeccakState;
4375
4376 /**
4377 Initialise the `KeccakState2`.
4378 */
4379 static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState
libcrux_sha3_neon_x2_incremental_shake128_init(void)4380 libcrux_sha3_neon_x2_incremental_shake128_init(void) {
4381 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4382 "panic!");
4383 KRML_HOST_EXIT(255U);
4384 }
4385
4386 /**
4387 Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`.
4388 */
4389 static KRML_MUSTINLINE void
libcrux_sha3_neon_x2_incremental_shake128_absorb_final(libcrux_sha3_neon_x2_incremental_KeccakState * s,Eurydice_slice data0,Eurydice_slice data1)4390 libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
4391 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
4392 Eurydice_slice data1) {
4393 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4394 "panic!");
4395 KRML_HOST_EXIT(255U);
4396 }
4397
4398 /**
4399 Squeeze 2 times the first three blocks in parallel in the
4400 [`KeccakState`] and return the output in `out0` and `out1`.
4401 */
4402 static KRML_MUSTINLINE void
libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(libcrux_sha3_neon_x2_incremental_KeccakState * s,Eurydice_slice out0,Eurydice_slice out1)4403 libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
4404 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
4405 Eurydice_slice out1) {
4406 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4407 "panic!");
4408 KRML_HOST_EXIT(255U);
4409 }
4410
4411 /**
4412 Squeeze 2 times the next block in parallel in the
4413 [`KeccakState`] and return the output in `out0` and `out1`.
4414 */
4415 static KRML_MUSTINLINE void
libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(libcrux_sha3_neon_x2_incremental_KeccakState * s,Eurydice_slice out0,Eurydice_slice out1)4416 libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
4417 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
4418 Eurydice_slice out1) {
4419 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
4420 "panic!");
4421 KRML_HOST_EXIT(255U);
4422 }
4423
4424 /**
4425 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks
4426 with types uint64_t
4427 with const generics
4428 - N= 1
4429 - RATE= 168
4430 */
4431 static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out[1U])4432 libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(
4433 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
4434 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
4435 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
4436 Eurydice_slice o0[1U];
4437 memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
4438 Eurydice_slice o10[1U];
4439 memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
4440 libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0);
4441 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
4442 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
4443 Eurydice_slice o1[1U];
4444 memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
4445 Eurydice_slice o20[1U];
4446 memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
4447 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1);
4448 Eurydice_slice_uint8_t_1size_t__x2 uu____2 =
4449 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U);
4450 Eurydice_slice o2[1U];
4451 memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice));
4452 Eurydice_slice o30[1U];
4453 memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice));
4454 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2);
4455 Eurydice_slice_uint8_t_1size_t__x2 uu____3 =
4456 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U);
4457 Eurydice_slice o3[1U];
4458 memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice));
4459 Eurydice_slice o4[1U];
4460 memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice));
4461 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o3);
4462 libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o4);
4463 }
4464
4465 /**
4466 Squeeze five blocks
4467 */
4468 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out0)4469 libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
4470 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
4471 Eurydice_slice buf[1U] = {out0};
4472 libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf);
4473 }
4474
4475 /**
4476 Absorb some data for SHAKE-256 for the last time
4477 */
4478 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_absorb_final(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice data)4479 libcrux_sha3_portable_incremental_shake256_absorb_final(
4480 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) {
4481 Eurydice_slice buf[1U] = {data};
4482 libcrux_sha3_generic_keccak_absorb_final_c71(s, buf);
4483 }
4484
4485 /**
4486 Create a new SHAKE-256 state object.
4487 */
4488 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_portable_incremental_shake256_init(void)4489 libcrux_sha3_portable_incremental_shake256_init(void) {
4490 return libcrux_sha3_generic_keccak_new_1e_f4();
4491 }
4492
4493 /**
4494 Squeeze the first SHAKE-256 block
4495 */
4496 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_first_block(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out)4497 libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
4498 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
4499 Eurydice_slice buf[1U] = {out};
4500 libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf);
4501 }
4502
4503 /**
4504 Squeeze the next SHAKE-256 block
4505 */
4506 static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_next_block(libcrux_sha3_generic_keccak_KeccakState_48 * s,Eurydice_slice out)4507 libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
4508 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
4509 Eurydice_slice buf[1U] = {out};
4510 libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf);
4511 }
4512
4513 /**
4514 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
4515 with types uint64_t
4516 with const generics
4517 - $1size_t
4518 - $136size_t
4519 */
4520 typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s {
4521 libcrux_sha3_generic_keccak_KeccakState_48 inner;
4522 uint8_t buf[1U][136U];
4523 size_t buf_len;
4524 bool sponge;
4525 } libcrux_sha3_generic_keccak_KeccakXofState_4f;
4526
4527 typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
4528 libcrux_sha3_portable_incremental_Shake256Absorb;
4529
4530 /**
4531 Consume the internal buffer and the required amount of the input to pad to
4532 `RATE`.
4533
4534 Returns the `consumed` bytes from `inputs` if there's enough buffered
4535 content to consume, and `0` otherwise.
4536 If `consumed > 0` is returned, `self.buf` contains a full block to be
4537 loaded.
4538 */
4539 /**
4540 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4541 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4542 */
4543 /**
4544 A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d
4545 with types uint64_t
4546 with const generics
4547 - PARALLEL_LANES= 1
4548 - RATE= 136
4549 */
libcrux_sha3_generic_keccak_fill_buffer_9d_b0(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4550 static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0(
4551 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4552 Eurydice_slice inputs[1U]) {
4553 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
4554 size_t consumed = (size_t)0U;
4555 if (self->buf_len > (size_t)0U) {
4556 if (self->buf_len + input_len >= (size_t)136U) {
4557 consumed = (size_t)136U - self->buf_len;
4558 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4559 size_t i0 = i;
4560 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
4561 (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t);
4562 Eurydice_slice_copy(
4563 uu____0,
4564 Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t),
4565 uint8_t);
4566 }
4567 self->buf_len = self->buf_len + consumed;
4568 }
4569 }
4570 return consumed;
4571 }
4572
4573 /**
4574 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4575 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4576 */
4577 /**
4578 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d
4579 with types uint64_t
4580 with const generics
4581 - PARALLEL_LANES= 1
4582 - RATE= 136
4583 */
libcrux_sha3_generic_keccak_absorb_full_9d_f8(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4584 static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8(
4585 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4586 Eurydice_slice inputs[1U]) {
4587 libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
4588 /* Passing arrays by value in Rust generates a copy in C */
4589 Eurydice_slice copy_of_inputs0[1U];
4590 memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
4591 size_t input_consumed =
4592 libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0);
4593 if (input_consumed > (size_t)0U) {
4594 Eurydice_slice borrowed[1U];
4595 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4596 uint8_t buf[136U] = {0U};
4597 borrowed[i] = core_array___Array_T__N__23__as_slice(
4598 (size_t)136U, buf, uint8_t, Eurydice_slice);
4599 }
4600 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4601 size_t i0 = i;
4602 borrowed[i0] =
4603 Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t);
4604 }
4605 uint64_t(*uu____2)[5U] = self->inner.st;
4606 Eurydice_slice uu____3[1U];
4607 memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
4608 libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3);
4609 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
4610 self->buf_len = (size_t)0U;
4611 }
4612 size_t input_to_consume =
4613 Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
4614 size_t num_blocks = input_to_consume / (size_t)136U;
4615 size_t remainder = input_to_consume % (size_t)136U;
4616 for (size_t i = (size_t)0U; i < num_blocks; i++) {
4617 size_t i0 = i;
4618 uint64_t(*uu____4)[5U] = self->inner.st;
4619 /* Passing arrays by value in Rust generates a copy in C */
4620 Eurydice_slice copy_of_inputs[1U];
4621 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
4622 Eurydice_slice ret[1U];
4623 libcrux_sha3_portable_keccak_slice_n_5a(
4624 copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret);
4625 libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret);
4626 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
4627 }
4628 return remainder;
4629 }
4630
4631 /**
4632 Absorb
4633
4634 This function takes any number of bytes to absorb and buffers if it's not
4635 enough. The function assumes that all input slices in `blocks` have the same
4636 length.
4637
4638 Only a multiple of `RATE` blocks are absorbed.
4639 For the remaining bytes [`absorb_final`] needs to be called.
4640
4641 This works best with relatively small `inputs`.
4642 */
4643 /**
4644 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4645 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4646 */
4647 /**
4648 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d
4649 with types uint64_t
4650 with const generics
4651 - PARALLEL_LANES= 1
4652 - RATE= 136
4653 */
libcrux_sha3_generic_keccak_absorb_9d_7b(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4654 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b(
4655 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4656 Eurydice_slice inputs[1U]) {
4657 libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
4658 /* Passing arrays by value in Rust generates a copy in C */
4659 Eurydice_slice copy_of_inputs[1U];
4660 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
4661 size_t input_remainder_len =
4662 libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs);
4663 if (input_remainder_len > (size_t)0U) {
4664 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
4665 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4666 size_t i0 = i;
4667 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
4668 self->buf[i0], self->buf_len, self->buf_len + input_remainder_len,
4669 uint8_t);
4670 Eurydice_slice_copy(
4671 uu____2,
4672 Eurydice_slice_subslice_from(
4673 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
4674 uint8_t);
4675 }
4676 self->buf_len = self->buf_len + input_remainder_len;
4677 }
4678 }
4679
4680 /**
4681 Shake256 absorb
4682 */
4683 /**
4684 This function found in impl
4685 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
4686 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
4687 */
libcrux_sha3_portable_incremental_absorb_7d(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice input)4688 static inline void libcrux_sha3_portable_incremental_absorb_7d(
4689 libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) {
4690 Eurydice_slice buf[1U] = {input};
4691 libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf);
4692 }
4693
4694 typedef libcrux_sha3_generic_keccak_KeccakXofState_4f
4695 libcrux_sha3_portable_incremental_Shake256Squeeze;
4696
4697 /**
4698 Absorb a final block.
4699
4700 The `inputs` block may be empty. Everything in the `inputs` block beyond
4701 `RATE` bytes is ignored.
4702 */
4703 /**
4704 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4705 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4706 */
4707 /**
4708 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d
4709 with types uint64_t
4710 with const generics
4711 - PARALLEL_LANES= 1
4712 - RATE= 136
4713 - DELIMITER= 31
4714 */
libcrux_sha3_generic_keccak_absorb_final_9d_25(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice inputs[1U])4715 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25(
4716 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
4717 Eurydice_slice inputs[1U]) {
4718 libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self;
4719 /* Passing arrays by value in Rust generates a copy in C */
4720 Eurydice_slice copy_of_inputs[1U];
4721 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
4722 size_t input_remainder_len =
4723 libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs);
4724 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
4725 uint8_t blocks[1U][200U] = {{0U}};
4726 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
4727 size_t i0 = i;
4728 if (self->buf_len > (size_t)0U) {
4729 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
4730 blocks[i0], (size_t)0U, self->buf_len, uint8_t);
4731 Eurydice_slice_copy(uu____2,
4732 Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U,
4733 self->buf_len, uint8_t),
4734 uint8_t);
4735 }
4736 if (input_remainder_len > (size_t)0U) {
4737 Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
4738 blocks[i0], self->buf_len, self->buf_len + input_remainder_len,
4739 uint8_t);
4740 Eurydice_slice_copy(
4741 uu____3,
4742 Eurydice_slice_subslice_from(
4743 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
4744 uint8_t);
4745 }
4746 blocks[i0][self->buf_len + input_remainder_len] = 31U;
4747 size_t uu____4 = i0;
4748 size_t uu____5 = (size_t)136U - (size_t)1U;
4749 blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U;
4750 }
4751 uint64_t(*uu____6)[5U] = self->inner.st;
4752 uint8_t uu____7[1U][200U];
4753 memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
4754 libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7);
4755 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
4756 }
4757
4758 /**
4759 Shake256 absorb final
4760 */
4761 /**
4762 This function found in impl
4763 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
4764 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
4765 */
4766 static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
libcrux_sha3_portable_incremental_absorb_final_7d(libcrux_sha3_generic_keccak_KeccakXofState_4f self,Eurydice_slice input)4767 libcrux_sha3_portable_incremental_absorb_final_7d(
4768 libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) {
4769 Eurydice_slice buf[1U] = {input};
4770 libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf);
4771 return self;
4772 }
4773
4774 /**
4775 An all zero block
4776 */
4777 /**
4778 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4779 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4780 */
4781 /**
4782 A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d
4783 with types uint64_t
4784 with const generics
4785 - PARALLEL_LANES= 1
4786 - RATE= 136
4787 */
libcrux_sha3_generic_keccak_zero_block_9d_e6(uint8_t ret[136U])4788 static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6(
4789 uint8_t ret[136U]) {
4790 ret[0U] = 0U;
4791 ret[1U] = 0U;
4792 ret[2U] = 0U;
4793 ret[3U] = 0U;
4794 ret[4U] = 0U;
4795 ret[5U] = 0U;
4796 ret[6U] = 0U;
4797 ret[7U] = 0U;
4798 ret[8U] = 0U;
4799 ret[9U] = 0U;
4800 ret[10U] = 0U;
4801 ret[11U] = 0U;
4802 ret[12U] = 0U;
4803 ret[13U] = 0U;
4804 ret[14U] = 0U;
4805 ret[15U] = 0U;
4806 ret[16U] = 0U;
4807 ret[17U] = 0U;
4808 ret[18U] = 0U;
4809 ret[19U] = 0U;
4810 ret[20U] = 0U;
4811 ret[21U] = 0U;
4812 ret[22U] = 0U;
4813 ret[23U] = 0U;
4814 ret[24U] = 0U;
4815 ret[25U] = 0U;
4816 ret[26U] = 0U;
4817 ret[27U] = 0U;
4818 ret[28U] = 0U;
4819 ret[29U] = 0U;
4820 ret[30U] = 0U;
4821 ret[31U] = 0U;
4822 ret[32U] = 0U;
4823 ret[33U] = 0U;
4824 ret[34U] = 0U;
4825 ret[35U] = 0U;
4826 ret[36U] = 0U;
4827 ret[37U] = 0U;
4828 ret[38U] = 0U;
4829 ret[39U] = 0U;
4830 ret[40U] = 0U;
4831 ret[41U] = 0U;
4832 ret[42U] = 0U;
4833 ret[43U] = 0U;
4834 ret[44U] = 0U;
4835 ret[45U] = 0U;
4836 ret[46U] = 0U;
4837 ret[47U] = 0U;
4838 ret[48U] = 0U;
4839 ret[49U] = 0U;
4840 ret[50U] = 0U;
4841 ret[51U] = 0U;
4842 ret[52U] = 0U;
4843 ret[53U] = 0U;
4844 ret[54U] = 0U;
4845 ret[55U] = 0U;
4846 ret[56U] = 0U;
4847 ret[57U] = 0U;
4848 ret[58U] = 0U;
4849 ret[59U] = 0U;
4850 ret[60U] = 0U;
4851 ret[61U] = 0U;
4852 ret[62U] = 0U;
4853 ret[63U] = 0U;
4854 ret[64U] = 0U;
4855 ret[65U] = 0U;
4856 ret[66U] = 0U;
4857 ret[67U] = 0U;
4858 ret[68U] = 0U;
4859 ret[69U] = 0U;
4860 ret[70U] = 0U;
4861 ret[71U] = 0U;
4862 ret[72U] = 0U;
4863 ret[73U] = 0U;
4864 ret[74U] = 0U;
4865 ret[75U] = 0U;
4866 ret[76U] = 0U;
4867 ret[77U] = 0U;
4868 ret[78U] = 0U;
4869 ret[79U] = 0U;
4870 ret[80U] = 0U;
4871 ret[81U] = 0U;
4872 ret[82U] = 0U;
4873 ret[83U] = 0U;
4874 ret[84U] = 0U;
4875 ret[85U] = 0U;
4876 ret[86U] = 0U;
4877 ret[87U] = 0U;
4878 ret[88U] = 0U;
4879 ret[89U] = 0U;
4880 ret[90U] = 0U;
4881 ret[91U] = 0U;
4882 ret[92U] = 0U;
4883 ret[93U] = 0U;
4884 ret[94U] = 0U;
4885 ret[95U] = 0U;
4886 ret[96U] = 0U;
4887 ret[97U] = 0U;
4888 ret[98U] = 0U;
4889 ret[99U] = 0U;
4890 ret[100U] = 0U;
4891 ret[101U] = 0U;
4892 ret[102U] = 0U;
4893 ret[103U] = 0U;
4894 ret[104U] = 0U;
4895 ret[105U] = 0U;
4896 ret[106U] = 0U;
4897 ret[107U] = 0U;
4898 ret[108U] = 0U;
4899 ret[109U] = 0U;
4900 ret[110U] = 0U;
4901 ret[111U] = 0U;
4902 ret[112U] = 0U;
4903 ret[113U] = 0U;
4904 ret[114U] = 0U;
4905 ret[115U] = 0U;
4906 ret[116U] = 0U;
4907 ret[117U] = 0U;
4908 ret[118U] = 0U;
4909 ret[119U] = 0U;
4910 ret[120U] = 0U;
4911 ret[121U] = 0U;
4912 ret[122U] = 0U;
4913 ret[123U] = 0U;
4914 ret[124U] = 0U;
4915 ret[125U] = 0U;
4916 ret[126U] = 0U;
4917 ret[127U] = 0U;
4918 ret[128U] = 0U;
4919 ret[129U] = 0U;
4920 ret[130U] = 0U;
4921 ret[131U] = 0U;
4922 ret[132U] = 0U;
4923 ret[133U] = 0U;
4924 ret[134U] = 0U;
4925 ret[135U] = 0U;
4926 }
4927
4928 /**
4929 Generate a new keccak xof state.
4930 */
4931 /**
4932 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4933 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4934 */
4935 /**
4936 A monomorphic instance of libcrux_sha3.generic_keccak.new_9d
4937 with types uint64_t
4938 with const generics
4939 - PARALLEL_LANES= 1
4940 - RATE= 136
4941 */
4942 static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
libcrux_sha3_generic_keccak_new_9d_7e(void)4943 libcrux_sha3_generic_keccak_new_9d_7e(void) {
4944 libcrux_sha3_generic_keccak_KeccakXofState_4f lit;
4945 lit.inner = libcrux_sha3_generic_keccak_new_1e_f4();
4946 uint8_t ret[136U];
4947 libcrux_sha3_generic_keccak_zero_block_9d_e6(ret);
4948 memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t));
4949 lit.buf_len = (size_t)0U;
4950 lit.sponge = false;
4951 return lit;
4952 }
4953
4954 /**
4955 Shake256 new state
4956 */
4957 /**
4958 This function found in impl
4959 {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for
4960 libcrux_sha3::portable::incremental::Shake256Absorb)#2}
4961 */
4962 static inline libcrux_sha3_generic_keccak_KeccakXofState_4f
libcrux_sha3_portable_incremental_new_7d(void)4963 libcrux_sha3_portable_incremental_new_7d(void) {
4964 return libcrux_sha3_generic_keccak_new_9d_7e();
4965 }
4966
4967 /**
4968 A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState
4969 with types uint64_t
4970 with const generics
4971 - $1size_t
4972 - $168size_t
4973 */
4974 typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s {
4975 libcrux_sha3_generic_keccak_KeccakState_48 inner;
4976 uint8_t buf[1U][168U];
4977 size_t buf_len;
4978 bool sponge;
4979 } libcrux_sha3_generic_keccak_KeccakXofState_78;
4980
4981 typedef libcrux_sha3_generic_keccak_KeccakXofState_78
4982 libcrux_sha3_portable_incremental_Shake128Absorb;
4983
4984 /**
4985 Consume the internal buffer and the required amount of the input to pad to
4986 `RATE`.
4987
4988 Returns the `consumed` bytes from `inputs` if there's enough buffered
4989 content to consume, and `0` otherwise.
4990 If `consumed > 0` is returned, `self.buf` contains a full block to be
4991 loaded.
4992 */
4993 /**
4994 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
4995 PARALLEL_LANES, RATE>[TraitClause@0]#2}
4996 */
4997 /**
4998 A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d
4999 with types uint64_t
5000 with const generics
5001 - PARALLEL_LANES= 1
5002 - RATE= 168
5003 */
libcrux_sha3_generic_keccak_fill_buffer_9d_b00(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5004 static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00(
5005 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5006 Eurydice_slice inputs[1U]) {
5007 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
5008 size_t consumed = (size_t)0U;
5009 if (self->buf_len > (size_t)0U) {
5010 if (self->buf_len + input_len >= (size_t)168U) {
5011 consumed = (size_t)168U - self->buf_len;
5012 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5013 size_t i0 = i;
5014 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
5015 (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t);
5016 Eurydice_slice_copy(
5017 uu____0,
5018 Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t),
5019 uint8_t);
5020 }
5021 self->buf_len = self->buf_len + consumed;
5022 }
5023 }
5024 return consumed;
5025 }
5026
5027 /**
5028 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5029 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5030 */
5031 /**
5032 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d
5033 with types uint64_t
5034 with const generics
5035 - PARALLEL_LANES= 1
5036 - RATE= 168
5037 */
libcrux_sha3_generic_keccak_absorb_full_9d_f80(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5038 static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80(
5039 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5040 Eurydice_slice inputs[1U]) {
5041 libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
5042 /* Passing arrays by value in Rust generates a copy in C */
5043 Eurydice_slice copy_of_inputs0[1U];
5044 memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice));
5045 size_t input_consumed =
5046 libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0);
5047 if (input_consumed > (size_t)0U) {
5048 Eurydice_slice borrowed[1U];
5049 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5050 uint8_t buf[168U] = {0U};
5051 borrowed[i] = core_array___Array_T__N__23__as_slice(
5052 (size_t)168U, buf, uint8_t, Eurydice_slice);
5053 }
5054 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5055 size_t i0 = i;
5056 borrowed[i0] =
5057 Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t);
5058 }
5059 uint64_t(*uu____2)[5U] = self->inner.st;
5060 Eurydice_slice uu____3[1U];
5061 memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice));
5062 libcrux_sha3_portable_keccak_load_block_5a_b83(uu____2, uu____3);
5063 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5064 self->buf_len = (size_t)0U;
5065 }
5066 size_t input_to_consume =
5067 Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
5068 size_t num_blocks = input_to_consume / (size_t)168U;
5069 size_t remainder = input_to_consume % (size_t)168U;
5070 for (size_t i = (size_t)0U; i < num_blocks; i++) {
5071 size_t i0 = i;
5072 uint64_t(*uu____4)[5U] = self->inner.st;
5073 /* Passing arrays by value in Rust generates a copy in C */
5074 Eurydice_slice copy_of_inputs[1U];
5075 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
5076 Eurydice_slice ret[1U];
5077 libcrux_sha3_portable_keccak_slice_n_5a(
5078 copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret);
5079 libcrux_sha3_portable_keccak_load_block_5a_b83(uu____4, ret);
5080 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5081 }
5082 return remainder;
5083 }
5084
5085 /**
5086 Absorb
5087
5088 This function takes any number of bytes to absorb and buffers if it's not
5089 enough. The function assumes that all input slices in `blocks` have the same
5090 length.
5091
5092 Only a multiple of `RATE` blocks are absorbed.
5093 For the remaining bytes [`absorb_final`] needs to be called.
5094
5095 This works best with relatively small `inputs`.
5096 */
5097 /**
5098 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5099 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5100 */
5101 /**
5102 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d
5103 with types uint64_t
5104 with const generics
5105 - PARALLEL_LANES= 1
5106 - RATE= 168
5107 */
libcrux_sha3_generic_keccak_absorb_9d_7b0(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5108 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0(
5109 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5110 Eurydice_slice inputs[1U]) {
5111 libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
5112 /* Passing arrays by value in Rust generates a copy in C */
5113 Eurydice_slice copy_of_inputs[1U];
5114 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
5115 size_t input_remainder_len =
5116 libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs);
5117 if (input_remainder_len > (size_t)0U) {
5118 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
5119 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5120 size_t i0 = i;
5121 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
5122 self->buf[i0], self->buf_len, self->buf_len + input_remainder_len,
5123 uint8_t);
5124 Eurydice_slice_copy(
5125 uu____2,
5126 Eurydice_slice_subslice_from(
5127 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
5128 uint8_t);
5129 }
5130 self->buf_len = self->buf_len + input_remainder_len;
5131 }
5132 }
5133
5134 /**
5135 This function found in impl
5136 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
5137 libcrux_sha3::portable::incremental::Shake128Absorb)}
5138 */
libcrux_sha3_portable_incremental_absorb_1c(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice input)5139 static inline void libcrux_sha3_portable_incremental_absorb_1c(
5140 libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) {
5141 Eurydice_slice buf[1U] = {input};
5142 libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf);
5143 }
5144
5145 typedef libcrux_sha3_generic_keccak_KeccakXofState_78
5146 libcrux_sha3_portable_incremental_Shake128Squeeze;
5147
5148 /**
5149 Absorb a final block.
5150
5151 The `inputs` block may be empty. Everything in the `inputs` block beyond
5152 `RATE` bytes is ignored.
5153 */
5154 /**
5155 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5156 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5157 */
5158 /**
5159 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d
5160 with types uint64_t
5161 with const generics
5162 - PARALLEL_LANES= 1
5163 - RATE= 168
5164 - DELIMITER= 31
5165 */
libcrux_sha3_generic_keccak_absorb_final_9d_250(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice inputs[1U])5166 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250(
5167 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5168 Eurydice_slice inputs[1U]) {
5169 libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self;
5170 /* Passing arrays by value in Rust generates a copy in C */
5171 Eurydice_slice copy_of_inputs[1U];
5172 memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice));
5173 size_t input_remainder_len =
5174 libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs);
5175 size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
5176 uint8_t blocks[1U][200U] = {{0U}};
5177 for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
5178 size_t i0 = i;
5179 if (self->buf_len > (size_t)0U) {
5180 Eurydice_slice uu____2 = Eurydice_array_to_subslice2(
5181 blocks[i0], (size_t)0U, self->buf_len, uint8_t);
5182 Eurydice_slice_copy(uu____2,
5183 Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U,
5184 self->buf_len, uint8_t),
5185 uint8_t);
5186 }
5187 if (input_remainder_len > (size_t)0U) {
5188 Eurydice_slice uu____3 = Eurydice_array_to_subslice2(
5189 blocks[i0], self->buf_len, self->buf_len + input_remainder_len,
5190 uint8_t);
5191 Eurydice_slice_copy(
5192 uu____3,
5193 Eurydice_slice_subslice_from(
5194 inputs[i0], input_len - input_remainder_len, uint8_t, size_t),
5195 uint8_t);
5196 }
5197 blocks[i0][self->buf_len + input_remainder_len] = 31U;
5198 size_t uu____4 = i0;
5199 size_t uu____5 = (size_t)168U - (size_t)1U;
5200 blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U;
5201 }
5202 uint64_t(*uu____6)[5U] = self->inner.st;
5203 uint8_t uu____7[1U][200U];
5204 memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U]));
5205 libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____6, uu____7);
5206 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5207 }
5208
5209 /**
5210 This function found in impl
5211 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
5212 libcrux_sha3::portable::incremental::Shake128Absorb)}
5213 */
5214 static inline libcrux_sha3_generic_keccak_KeccakXofState_78
libcrux_sha3_portable_incremental_absorb_final_1c(libcrux_sha3_generic_keccak_KeccakXofState_78 self,Eurydice_slice input)5215 libcrux_sha3_portable_incremental_absorb_final_1c(
5216 libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) {
5217 Eurydice_slice buf[1U] = {input};
5218 libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf);
5219 return self;
5220 }
5221
5222 /**
5223 An all zero block
5224 */
5225 /**
5226 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5227 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5228 */
5229 /**
5230 A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d
5231 with types uint64_t
5232 with const generics
5233 - PARALLEL_LANES= 1
5234 - RATE= 168
5235 */
libcrux_sha3_generic_keccak_zero_block_9d_e60(uint8_t ret[168U])5236 static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60(
5237 uint8_t ret[168U]) {
5238 ret[0U] = 0U;
5239 ret[1U] = 0U;
5240 ret[2U] = 0U;
5241 ret[3U] = 0U;
5242 ret[4U] = 0U;
5243 ret[5U] = 0U;
5244 ret[6U] = 0U;
5245 ret[7U] = 0U;
5246 ret[8U] = 0U;
5247 ret[9U] = 0U;
5248 ret[10U] = 0U;
5249 ret[11U] = 0U;
5250 ret[12U] = 0U;
5251 ret[13U] = 0U;
5252 ret[14U] = 0U;
5253 ret[15U] = 0U;
5254 ret[16U] = 0U;
5255 ret[17U] = 0U;
5256 ret[18U] = 0U;
5257 ret[19U] = 0U;
5258 ret[20U] = 0U;
5259 ret[21U] = 0U;
5260 ret[22U] = 0U;
5261 ret[23U] = 0U;
5262 ret[24U] = 0U;
5263 ret[25U] = 0U;
5264 ret[26U] = 0U;
5265 ret[27U] = 0U;
5266 ret[28U] = 0U;
5267 ret[29U] = 0U;
5268 ret[30U] = 0U;
5269 ret[31U] = 0U;
5270 ret[32U] = 0U;
5271 ret[33U] = 0U;
5272 ret[34U] = 0U;
5273 ret[35U] = 0U;
5274 ret[36U] = 0U;
5275 ret[37U] = 0U;
5276 ret[38U] = 0U;
5277 ret[39U] = 0U;
5278 ret[40U] = 0U;
5279 ret[41U] = 0U;
5280 ret[42U] = 0U;
5281 ret[43U] = 0U;
5282 ret[44U] = 0U;
5283 ret[45U] = 0U;
5284 ret[46U] = 0U;
5285 ret[47U] = 0U;
5286 ret[48U] = 0U;
5287 ret[49U] = 0U;
5288 ret[50U] = 0U;
5289 ret[51U] = 0U;
5290 ret[52U] = 0U;
5291 ret[53U] = 0U;
5292 ret[54U] = 0U;
5293 ret[55U] = 0U;
5294 ret[56U] = 0U;
5295 ret[57U] = 0U;
5296 ret[58U] = 0U;
5297 ret[59U] = 0U;
5298 ret[60U] = 0U;
5299 ret[61U] = 0U;
5300 ret[62U] = 0U;
5301 ret[63U] = 0U;
5302 ret[64U] = 0U;
5303 ret[65U] = 0U;
5304 ret[66U] = 0U;
5305 ret[67U] = 0U;
5306 ret[68U] = 0U;
5307 ret[69U] = 0U;
5308 ret[70U] = 0U;
5309 ret[71U] = 0U;
5310 ret[72U] = 0U;
5311 ret[73U] = 0U;
5312 ret[74U] = 0U;
5313 ret[75U] = 0U;
5314 ret[76U] = 0U;
5315 ret[77U] = 0U;
5316 ret[78U] = 0U;
5317 ret[79U] = 0U;
5318 ret[80U] = 0U;
5319 ret[81U] = 0U;
5320 ret[82U] = 0U;
5321 ret[83U] = 0U;
5322 ret[84U] = 0U;
5323 ret[85U] = 0U;
5324 ret[86U] = 0U;
5325 ret[87U] = 0U;
5326 ret[88U] = 0U;
5327 ret[89U] = 0U;
5328 ret[90U] = 0U;
5329 ret[91U] = 0U;
5330 ret[92U] = 0U;
5331 ret[93U] = 0U;
5332 ret[94U] = 0U;
5333 ret[95U] = 0U;
5334 ret[96U] = 0U;
5335 ret[97U] = 0U;
5336 ret[98U] = 0U;
5337 ret[99U] = 0U;
5338 ret[100U] = 0U;
5339 ret[101U] = 0U;
5340 ret[102U] = 0U;
5341 ret[103U] = 0U;
5342 ret[104U] = 0U;
5343 ret[105U] = 0U;
5344 ret[106U] = 0U;
5345 ret[107U] = 0U;
5346 ret[108U] = 0U;
5347 ret[109U] = 0U;
5348 ret[110U] = 0U;
5349 ret[111U] = 0U;
5350 ret[112U] = 0U;
5351 ret[113U] = 0U;
5352 ret[114U] = 0U;
5353 ret[115U] = 0U;
5354 ret[116U] = 0U;
5355 ret[117U] = 0U;
5356 ret[118U] = 0U;
5357 ret[119U] = 0U;
5358 ret[120U] = 0U;
5359 ret[121U] = 0U;
5360 ret[122U] = 0U;
5361 ret[123U] = 0U;
5362 ret[124U] = 0U;
5363 ret[125U] = 0U;
5364 ret[126U] = 0U;
5365 ret[127U] = 0U;
5366 ret[128U] = 0U;
5367 ret[129U] = 0U;
5368 ret[130U] = 0U;
5369 ret[131U] = 0U;
5370 ret[132U] = 0U;
5371 ret[133U] = 0U;
5372 ret[134U] = 0U;
5373 ret[135U] = 0U;
5374 ret[136U] = 0U;
5375 ret[137U] = 0U;
5376 ret[138U] = 0U;
5377 ret[139U] = 0U;
5378 ret[140U] = 0U;
5379 ret[141U] = 0U;
5380 ret[142U] = 0U;
5381 ret[143U] = 0U;
5382 ret[144U] = 0U;
5383 ret[145U] = 0U;
5384 ret[146U] = 0U;
5385 ret[147U] = 0U;
5386 ret[148U] = 0U;
5387 ret[149U] = 0U;
5388 ret[150U] = 0U;
5389 ret[151U] = 0U;
5390 ret[152U] = 0U;
5391 ret[153U] = 0U;
5392 ret[154U] = 0U;
5393 ret[155U] = 0U;
5394 ret[156U] = 0U;
5395 ret[157U] = 0U;
5396 ret[158U] = 0U;
5397 ret[159U] = 0U;
5398 ret[160U] = 0U;
5399 ret[161U] = 0U;
5400 ret[162U] = 0U;
5401 ret[163U] = 0U;
5402 ret[164U] = 0U;
5403 ret[165U] = 0U;
5404 ret[166U] = 0U;
5405 ret[167U] = 0U;
5406 }
5407
5408 /**
5409 Generate a new keccak xof state.
5410 */
5411 /**
5412 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5413 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5414 */
5415 /**
5416 A monomorphic instance of libcrux_sha3.generic_keccak.new_9d
5417 with types uint64_t
5418 with const generics
5419 - PARALLEL_LANES= 1
5420 - RATE= 168
5421 */
5422 static inline libcrux_sha3_generic_keccak_KeccakXofState_78
libcrux_sha3_generic_keccak_new_9d_7e0(void)5423 libcrux_sha3_generic_keccak_new_9d_7e0(void) {
5424 libcrux_sha3_generic_keccak_KeccakXofState_78 lit;
5425 lit.inner = libcrux_sha3_generic_keccak_new_1e_f4();
5426 uint8_t ret[168U];
5427 libcrux_sha3_generic_keccak_zero_block_9d_e60(ret);
5428 memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t));
5429 lit.buf_len = (size_t)0U;
5430 lit.sponge = false;
5431 return lit;
5432 }
5433
5434 /**
5435 This function found in impl
5436 {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for
5437 libcrux_sha3::portable::incremental::Shake128Absorb)}
5438 */
5439 static inline libcrux_sha3_generic_keccak_KeccakXofState_78
libcrux_sha3_portable_incremental_new_1c(void)5440 libcrux_sha3_portable_incremental_new_1c(void) {
5441 return libcrux_sha3_generic_keccak_new_9d_7e0();
5442 }
5443
5444 /**
5445 `out` has the exact size we want here. It must be less than or equal to `RATE`.
5446 */
5447 /**
5448 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
5449 usize> for u64)}
5450 */
5451 /**
5452 A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
5453 with const generics
5454 - RATE= 136
5455 */
libcrux_sha3_portable_keccak_store_5a_1c(uint64_t (* state)[5U],Eurydice_slice out[1U])5456 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c(
5457 uint64_t (*state)[5U], Eurydice_slice out[1U]) {
5458 size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
5459 size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
5460 for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
5461 size_t i0 = i;
5462 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
5463 out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
5464 uint8_t ret[8U];
5465 core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
5466 Eurydice_slice_copy(
5467 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
5468 }
5469 if (last_block_len != (size_t)0U) {
5470 Eurydice_slice uu____1 = Eurydice_slice_subslice2(
5471 out[0U], num_full_blocks * (size_t)8U,
5472 num_full_blocks * (size_t)8U + last_block_len, uint8_t);
5473 uint8_t ret[8U];
5474 core_num__u64_9__to_le_bytes(
5475 state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
5476 Eurydice_slice_copy(
5477 uu____1,
5478 Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
5479 uint8_t);
5480 }
5481 }
5482
5483 /**
5484 Squeeze `N` x `LEN` bytes.
5485 */
5486 /**
5487 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5488 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5489 */
5490 /**
5491 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d
5492 with types uint64_t
5493 with const generics
5494 - PARALLEL_LANES= 1
5495 - RATE= 136
5496 */
libcrux_sha3_generic_keccak_squeeze_9d_96(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice out[1U])5497 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96(
5498 libcrux_sha3_generic_keccak_KeccakXofState_4f *self,
5499 Eurydice_slice out[1U]) {
5500 if (self->sponge) {
5501 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5502 }
5503 size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
5504 size_t blocks = out_len / (size_t)136U;
5505 size_t last = out_len - out_len % (size_t)136U;
5506 size_t mid;
5507 if ((size_t)136U >= out_len) {
5508 mid = out_len;
5509 } else {
5510 mid = (size_t)136U;
5511 }
5512 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
5513 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
5514 Eurydice_slice out00[1U];
5515 memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
5516 Eurydice_slice out_rest[1U];
5517 memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
5518 libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00);
5519 core_ops_range_Range_b3 iter =
5520 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
5521 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
5522 .end = blocks}),
5523 core_ops_range_Range_b3, core_ops_range_Range_b3);
5524 while (true) {
5525 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
5526 &iter, size_t, Option_b3)
5527 .tag == None) {
5528 break;
5529 } else {
5530 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
5531 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
5532 (size_t)136U);
5533 Eurydice_slice out0[1U];
5534 memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
5535 Eurydice_slice tmp[1U];
5536 memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
5537 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5538 libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0);
5539 memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
5540 }
5541 }
5542 if (last < out_len) {
5543 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5544 libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest);
5545 }
5546 self->sponge = true;
5547 }
5548
5549 /**
5550 Shake256 squeeze
5551 */
5552 /**
5553 This function found in impl
5554 {(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for
5555 libcrux_sha3::portable::incremental::Shake256Squeeze)#3}
5556 */
libcrux_sha3_portable_incremental_squeeze_8a(libcrux_sha3_generic_keccak_KeccakXofState_4f * self,Eurydice_slice out)5557 static inline void libcrux_sha3_portable_incremental_squeeze_8a(
5558 libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) {
5559 Eurydice_slice buf[1U] = {out};
5560 libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf);
5561 }
5562
5563 /**
5564 `out` has the exact size we want here. It must be less than or equal to `RATE`.
5565 */
5566 /**
5567 This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1:
5568 usize> for u64)}
5569 */
5570 /**
5571 A monomorphic instance of libcrux_sha3.portable_keccak.store_5a
5572 with const generics
5573 - RATE= 168
5574 */
libcrux_sha3_portable_keccak_store_5a_1c0(uint64_t (* state)[5U],Eurydice_slice out[1U])5575 static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0(
5576 uint64_t (*state)[5U], Eurydice_slice out[1U]) {
5577 size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U;
5578 size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U;
5579 for (size_t i = (size_t)0U; i < num_full_blocks; i++) {
5580 size_t i0 = i;
5581 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
5582 out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
5583 uint8_t ret[8U];
5584 core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret);
5585 Eurydice_slice_copy(
5586 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t);
5587 }
5588 if (last_block_len != (size_t)0U) {
5589 Eurydice_slice uu____1 = Eurydice_slice_subslice2(
5590 out[0U], num_full_blocks * (size_t)8U,
5591 num_full_blocks * (size_t)8U + last_block_len, uint8_t);
5592 uint8_t ret[8U];
5593 core_num__u64_9__to_le_bytes(
5594 state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret);
5595 Eurydice_slice_copy(
5596 uu____1,
5597 Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t),
5598 uint8_t);
5599 }
5600 }
5601
5602 /**
5603 Squeeze `N` x `LEN` bytes.
5604 */
5605 /**
5606 This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState<STATE,
5607 PARALLEL_LANES, RATE>[TraitClause@0]#2}
5608 */
5609 /**
5610 A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d
5611 with types uint64_t
5612 with const generics
5613 - PARALLEL_LANES= 1
5614 - RATE= 168
5615 */
libcrux_sha3_generic_keccak_squeeze_9d_960(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice out[1U])5616 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960(
5617 libcrux_sha3_generic_keccak_KeccakXofState_78 *self,
5618 Eurydice_slice out[1U]) {
5619 if (self->sponge) {
5620 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5621 }
5622 size_t out_len = Eurydice_slice_len(out[0U], uint8_t);
5623 size_t blocks = out_len / (size_t)168U;
5624 size_t last = out_len - out_len % (size_t)168U;
5625 size_t mid;
5626 if ((size_t)168U >= out_len) {
5627 mid = out_len;
5628 } else {
5629 mid = (size_t)168U;
5630 }
5631 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
5632 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid);
5633 Eurydice_slice out00[1U];
5634 memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
5635 Eurydice_slice out_rest[1U];
5636 memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
5637 libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00);
5638 core_ops_range_Range_b3 iter =
5639 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
5640 (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U,
5641 .end = blocks}),
5642 core_ops_range_Range_b3, core_ops_range_Range_b3);
5643 while (true) {
5644 if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
5645 &iter, size_t, Option_b3)
5646 .tag == None) {
5647 break;
5648 } else {
5649 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
5650 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest,
5651 (size_t)168U);
5652 Eurydice_slice out0[1U];
5653 memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
5654 Eurydice_slice tmp[1U];
5655 memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
5656 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5657 libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0);
5658 memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice));
5659 }
5660 }
5661 if (last < out_len) {
5662 libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner);
5663 libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest);
5664 }
5665 self->sponge = true;
5666 }
5667
5668 /**
5669 Shake128 squeeze
5670 */
5671 /**
5672 This function found in impl
5673 {(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for
5674 libcrux_sha3::portable::incremental::Shake128Squeeze)#1}
5675 */
libcrux_sha3_portable_incremental_squeeze_10(libcrux_sha3_generic_keccak_KeccakXofState_78 * self,Eurydice_slice out)5676 static inline void libcrux_sha3_portable_incremental_squeeze_10(
5677 libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) {
5678 Eurydice_slice buf[1U] = {out};
5679 libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf);
5680 }
5681
5682 /**
5683 This function found in impl {(core::clone::Clone for
5684 libcrux_sha3::portable::KeccakState)}
5685 */
5686 static inline libcrux_sha3_generic_keccak_KeccakState_48
libcrux_sha3_portable_clone_3d(libcrux_sha3_generic_keccak_KeccakState_48 * self)5687 libcrux_sha3_portable_clone_3d(
5688 libcrux_sha3_generic_keccak_KeccakState_48 *self) {
5689 return self[0U];
5690 }
5691
5692 /**
5693 This function found in impl {(core::convert::From<libcrux_sha3::Algorithm> for
5694 u32)#1}
5695 */
libcrux_sha3_from_eb(libcrux_sha3_Algorithm v)5696 static inline uint32_t libcrux_sha3_from_eb(libcrux_sha3_Algorithm v) {
5697 uint32_t uu____0;
5698 switch (v) {
5699 case libcrux_sha3_Sha224: {
5700 uu____0 = 1U;
5701 break;
5702 }
5703 case libcrux_sha3_Sha256: {
5704 uu____0 = 2U;
5705 break;
5706 }
5707 case libcrux_sha3_Sha384: {
5708 uu____0 = 3U;
5709 break;
5710 }
5711 case libcrux_sha3_Sha512: {
5712 uu____0 = 4U;
5713 break;
5714 }
5715 default: {
5716 KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
5717 __LINE__);
5718 KRML_HOST_EXIT(253U);
5719 }
5720 }
5721 return uu____0;
5722 }
5723
5724 /**
5725 This function found in impl {(core::convert::From<u32> for
5726 libcrux_sha3::Algorithm)}
5727 */
libcrux_sha3_from_2d(uint32_t v)5728 static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) {
5729 libcrux_sha3_Algorithm uu____0;
5730 switch (v) {
5731 case 1U: {
5732 uu____0 = libcrux_sha3_Sha224;
5733 break;
5734 }
5735 case 2U: {
5736 uu____0 = libcrux_sha3_Sha256;
5737 break;
5738 }
5739 case 3U: {
5740 uu____0 = libcrux_sha3_Sha384;
5741 break;
5742 }
5743 case 4U: {
5744 uu____0 = libcrux_sha3_Sha512;
5745 break;
5746 }
5747 default: {
5748 KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
5749 "panic!");
5750 KRML_HOST_EXIT(255U);
5751 }
5752 }
5753 return uu____0;
5754 }
5755
5756 typedef uint8_t libcrux_sha3_Sha3_512Digest[64U];
5757
5758 typedef uint8_t libcrux_sha3_Sha3_384Digest[48U];
5759
5760 typedef uint8_t libcrux_sha3_Sha3_256Digest[32U];
5761
5762 typedef uint8_t libcrux_sha3_Sha3_224Digest[28U];
5763
5764 #if defined(__cplusplus)
5765 }
5766 #endif
5767
5768 #define __libcrux_sha3_portable_H_DEFINED
5769 #endif
5770
5771 /* from libcrux/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h */
5772 /*
5773 * SPDX-FileCopyrightText: 2024 Cryspen Sarl <info@cryspen.com>
5774 *
5775 * SPDX-License-Identifier: MIT or Apache-2.0
5776 *
5777 * This code was generated with the following revisions:
5778 * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4
5779 * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb
5780 * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908
5781 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
5782 * Libcrux: 4ad532b206174114dd4140b718e7794a28fc59ee
5783 */
5784
5785 #ifndef __libcrux_mlkem768_portable_H
5786 #define __libcrux_mlkem768_portable_H
5787
5788 #if defined(__cplusplus)
5789 extern "C" {
5790 #endif
5791
5792
5793 #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U)
5794
5795 #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS \
5796 (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U)
5797
libcrux_ml_kem_hash_functions_portable_G(Eurydice_slice input,uint8_t ret[64U])5798 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G(
5799 Eurydice_slice input, uint8_t ret[64U]) {
5800 uint8_t digest[64U] = {0U};
5801 libcrux_sha3_portable_sha512(
5802 Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input);
5803 memcpy(ret, digest, (size_t)64U * sizeof(uint8_t));
5804 }
5805
libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input,uint8_t ret[32U])5806 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H(
5807 Eurydice_slice input, uint8_t ret[32U]) {
5808 uint8_t digest[32U] = {0U};
5809 libcrux_sha3_portable_sha256(
5810 Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
5811 memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
5812 }
5813
5814 #define LIBCRUX_ML_KEM_IND_CCA_ENCAPS_SEED_SIZE \
5815 (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
5816
5817 #define LIBCRUX_ML_KEM_IND_CCA_KEY_GENERATION_SEED_SIZE \
5818 (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + \
5819 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
5820
5821 typedef uint8_t libcrux_ml_kem_ind_cca_MlKemSharedSecret[32U];
5822
5823 static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] =
5824 {(int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517,
5825 (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202,
5826 (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182,
5827 (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468,
5828 (int16_t)573, (int16_t)-1325, (int16_t)264, (int16_t)383,
5829 (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130,
5830 (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608,
5831 (int16_t)-1542, (int16_t)411, (int16_t)-205, (int16_t)-1571,
5832 (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015,
5833 (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544,
5834 (int16_t)516, (int16_t)-8, (int16_t)-320, (int16_t)-666,
5835 (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469,
5836 (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830,
5837 (int16_t)107, (int16_t)-1421, (int16_t)-247, (int16_t)-951,
5838 (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725,
5839 (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275,
5840 (int16_t)-1103, (int16_t)430, (int16_t)555, (int16_t)843,
5841 (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105,
5842 (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235,
5843 (int16_t)-291, (int16_t)-460, (int16_t)1574, (int16_t)1653,
5844 (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147,
5845 (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119,
5846 (int16_t)-1590, (int16_t)644, (int16_t)-872, (int16_t)349,
5847 (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75,
5848 (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610,
5849 (int16_t)1322, (int16_t)-1285, (int16_t)-1465, (int16_t)384,
5850 (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335,
5851 (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659,
5852 (int16_t)-1185, (int16_t)-1530, (int16_t)-1278, (int16_t)794,
5853 (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478,
5854 (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991,
5855 (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628};
5856
5857 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U)
5858
5859 #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \
5860 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \
5861 LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR)
5862
5863 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329)
5864
5865 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \
5866 ((int16_t)1353)
5867
5868 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
5869 (62209U)
5870
5871 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s {
5872 int16_t elements[16U];
5873 } libcrux_ml_kem_vector_portable_vector_type_PortableVector;
5874
5875 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array)5876 libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
5877 Eurydice_slice array) {
5878 libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
5879 int16_t ret[16U];
5880 Result_c0 dst;
5881 Eurydice_slice_to_array2(
5882 &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t),
5883 Eurydice_slice, int16_t[16U]);
5884 unwrap_41_f9(dst, ret);
5885 memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t));
5886 return lit;
5887 }
5888
5889 /**
5890 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
5891 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
5892 */
5893 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array)5894 libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) {
5895 return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array);
5896 }
5897
5898 typedef struct uint8_t_x11_s {
5899 uint8_t fst;
5900 uint8_t snd;
5901 uint8_t thd;
5902 uint8_t f3;
5903 uint8_t f4;
5904 uint8_t f5;
5905 uint8_t f6;
5906 uint8_t f7;
5907 uint8_t f8;
5908 uint8_t f9;
5909 uint8_t f10;
5910 } uint8_t_x11;
5911
5912 static KRML_MUSTINLINE uint8_t_x11
libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v)5913 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) {
5914 uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *);
5915 uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
5916 int16_t *) &
5917 (int16_t)31)
5918 << 3U |
5919 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t,
5920 int16_t *) >>
5921 8U);
5922 uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
5923 int16_t *) &
5924 (int16_t)3)
5925 << 6U |
5926 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
5927 int16_t *) >>
5928 5U);
5929 uint8_t r3 =
5930 (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U &
5931 (int16_t)255);
5932 uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t,
5933 int16_t *) &
5934 (int16_t)127)
5935 << 1U |
5936 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
5937 int16_t *) >>
5938 10U);
5939 uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t,
5940 int16_t *) &
5941 (int16_t)15)
5942 << 4U |
5943 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t,
5944 int16_t *) >>
5945 7U);
5946 uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t,
5947 int16_t *) &
5948 (int16_t)1)
5949 << 7U |
5950 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t,
5951 int16_t *) >>
5952 4U);
5953 uint8_t r7 =
5954 (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U &
5955 (int16_t)255);
5956 uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t,
5957 int16_t *) &
5958 (int16_t)63)
5959 << 2U |
5960 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t,
5961 int16_t *) >>
5962 9U);
5963 uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t,
5964 int16_t *) &
5965 (int16_t)7)
5966 << 5U |
5967 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t,
5968 int16_t *) >>
5969 6U);
5970 uint8_t r10 =
5971 (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U);
5972 return (CLITERAL(uint8_t_x11){.fst = r0,
5973 .snd = r1,
5974 .thd = r2,
5975 .f3 = r3,
5976 .f4 = r4,
5977 .f5 = r5,
5978 .f6 = r6,
5979 .f7 = r7,
5980 .f8 = r8,
5981 .f9 = r9,
5982 .f10 = r10});
5983 }
5984
5985 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_11(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[22U])5986 libcrux_ml_kem_vector_portable_serialize_serialize_11(
5987 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
5988 uint8_t ret[22U]) {
5989 uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int(
5990 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t));
5991 uint8_t_x11 r11_21 =
5992 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(
5993 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U,
5994 int16_t));
5995 uint8_t result[22U] = {0U};
5996 result[0U] = r0_10.fst;
5997 result[1U] = r0_10.snd;
5998 result[2U] = r0_10.thd;
5999 result[3U] = r0_10.f3;
6000 result[4U] = r0_10.f4;
6001 result[5U] = r0_10.f5;
6002 result[6U] = r0_10.f6;
6003 result[7U] = r0_10.f7;
6004 result[8U] = r0_10.f8;
6005 result[9U] = r0_10.f9;
6006 result[10U] = r0_10.f10;
6007 result[11U] = r11_21.fst;
6008 result[12U] = r11_21.snd;
6009 result[13U] = r11_21.thd;
6010 result[14U] = r11_21.f3;
6011 result[15U] = r11_21.f4;
6012 result[16U] = r11_21.f5;
6013 result[17U] = r11_21.f6;
6014 result[18U] = r11_21.f7;
6015 result[19U] = r11_21.f8;
6016 result[20U] = r11_21.f9;
6017 result[21U] = r11_21.f10;
6018 memcpy(ret, result, (size_t)22U * sizeof(uint8_t));
6019 }
6020
6021 /**
6022 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6023 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6024 */
libcrux_ml_kem_vector_portable_serialize_11_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[22U])6025 static inline void libcrux_ml_kem_vector_portable_serialize_11_0d(
6026 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
6027 uint8_t ret[22U]) {
6028 libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
6029 }
6030
6031 typedef struct int16_t_x8_s {
6032 int16_t fst;
6033 int16_t snd;
6034 int16_t thd;
6035 int16_t f3;
6036 int16_t f4;
6037 int16_t f5;
6038 int16_t f6;
6039 int16_t f7;
6040 } int16_t_x8;
6041
6042 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(Eurydice_slice bytes)6043 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
6044 Eurydice_slice bytes) {
6045 int16_t r0 =
6046 ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) &
6047 (int16_t)7)
6048 << 8U |
6049 (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
6050 int16_t r1 =
6051 ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) &
6052 (int16_t)63)
6053 << 5U |
6054 (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >>
6055 3U;
6056 int16_t r2 =
6057 (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) &
6058 (int16_t)1)
6059 << 10U |
6060 (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)
6061 << 2U) |
6062 (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >>
6063 6U;
6064 int16_t r3 =
6065 ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) &
6066 (int16_t)15)
6067 << 7U |
6068 (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >>
6069 1U;
6070 int16_t r4 =
6071 ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) &
6072 (int16_t)127)
6073 << 4U |
6074 (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >>
6075 4U;
6076 int16_t r5 =
6077 (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) &
6078 (int16_t)3)
6079 << 9U |
6080 (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)
6081 << 1U) |
6082 (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >>
6083 7U;
6084 int16_t r6 =
6085 ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) &
6086 (int16_t)31)
6087 << 6U |
6088 (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >>
6089 2U;
6090 int16_t r7 =
6091 (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *)
6092 << 3U |
6093 (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >>
6094 5U;
6095 return (CLITERAL(int16_t_x8){.fst = r0,
6096 .snd = r1,
6097 .thd = r2,
6098 .f3 = r3,
6099 .f4 = r4,
6100 .f5 = r5,
6101 .f6 = r6,
6102 .f7 = r7});
6103 }
6104
6105 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_zero(void)6106 libcrux_ml_kem_vector_portable_vector_type_zero(void) {
6107 libcrux_ml_kem_vector_portable_vector_type_PortableVector lit;
6108 lit.elements[0U] = (int16_t)0;
6109 lit.elements[1U] = (int16_t)0;
6110 lit.elements[2U] = (int16_t)0;
6111 lit.elements[3U] = (int16_t)0;
6112 lit.elements[4U] = (int16_t)0;
6113 lit.elements[5U] = (int16_t)0;
6114 lit.elements[6U] = (int16_t)0;
6115 lit.elements[7U] = (int16_t)0;
6116 lit.elements[8U] = (int16_t)0;
6117 lit.elements[9U] = (int16_t)0;
6118 lit.elements[10U] = (int16_t)0;
6119 lit.elements[11U] = (int16_t)0;
6120 lit.elements[12U] = (int16_t)0;
6121 lit.elements[13U] = (int16_t)0;
6122 lit.elements[14U] = (int16_t)0;
6123 lit.elements[15U] = (int16_t)0;
6124 return lit;
6125 }
6126
6127 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes)6128 libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
6129 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
6130 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t));
6131 int16_t_x8 v8_15 =
6132 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
6133 Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t));
6134 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
6135 libcrux_ml_kem_vector_portable_vector_type_zero();
6136 v.elements[0U] = v0_7.fst;
6137 v.elements[1U] = v0_7.snd;
6138 v.elements[2U] = v0_7.thd;
6139 v.elements[3U] = v0_7.f3;
6140 v.elements[4U] = v0_7.f4;
6141 v.elements[5U] = v0_7.f5;
6142 v.elements[6U] = v0_7.f6;
6143 v.elements[7U] = v0_7.f7;
6144 v.elements[8U] = v8_15.fst;
6145 v.elements[9U] = v8_15.snd;
6146 v.elements[10U] = v8_15.thd;
6147 v.elements[11U] = v8_15.f3;
6148 v.elements[12U] = v8_15.f4;
6149 v.elements[13U] = v8_15.f5;
6150 v.elements[14U] = v8_15.f6;
6151 v.elements[15U] = v8_15.f7;
6152 return v;
6153 }
6154
6155 /**
6156 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6157 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6158 */
6159 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a)6160 libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
6161 return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
6162 }
6163
6164 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_vector_type_to_i16_array(libcrux_ml_kem_vector_portable_vector_type_PortableVector x,int16_t ret[16U])6165 libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
6166 libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
6167 int16_t ret[16U]) {
6168 memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t));
6169 }
6170
6171 /**
6172 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6173 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6174 */
libcrux_ml_kem_vector_portable_to_i16_array_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector x,int16_t ret[16U])6175 static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d(
6176 libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
6177 int16_t ret[16U]) {
6178 libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret);
6179 }
6180
6181 static const uint8_t
6182 libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE
6183 [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6184 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6185 {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6186 255U, 255U, 255U, 255U, 255U, 255U},
6187 {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6188 255U, 255U, 255U, 255U, 255U, 255U},
6189 {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U,
6190 255U, 255U, 255U, 255U, 255U, 255U},
6191 {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6192 255U, 255U, 255U, 255U, 255U, 255U},
6193 {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U,
6194 255U, 255U, 255U, 255U, 255U, 255U},
6195 {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U,
6196 255U, 255U, 255U, 255U, 255U, 255U},
6197 {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U,
6198 255U, 255U, 255U, 255U, 255U},
6199 {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6200 255U, 255U, 255U, 255U, 255U, 255U},
6201 {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U,
6202 255U, 255U, 255U, 255U, 255U, 255U},
6203 {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U,
6204 255U, 255U, 255U, 255U, 255U, 255U},
6205 {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U,
6206 255U, 255U, 255U, 255U, 255U},
6207 {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U,
6208 255U, 255U, 255U, 255U, 255U, 255U},
6209 {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U,
6210 255U, 255U, 255U, 255U, 255U},
6211 {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U,
6212 255U, 255U, 255U, 255U, 255U},
6213 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U,
6214 255U, 255U, 255U, 255U},
6215 {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6216 255U, 255U, 255U, 255U, 255U, 255U},
6217 {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6218 255U, 255U, 255U, 255U, 255U, 255U},
6219 {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6220 255U, 255U, 255U, 255U, 255U, 255U},
6221 {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6222 255U, 255U, 255U, 255U, 255U},
6223 {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6224 255U, 255U, 255U, 255U, 255U, 255U},
6225 {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6226 255U, 255U, 255U, 255U, 255U},
6227 {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6228 255U, 255U, 255U, 255U, 255U},
6229 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U,
6230 255U, 255U, 255U, 255U},
6231 {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U,
6232 255U, 255U, 255U, 255U, 255U, 255U},
6233 {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6234 255U, 255U, 255U, 255U, 255U},
6235 {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6236 255U, 255U, 255U, 255U, 255U},
6237 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U,
6238 255U, 255U, 255U, 255U},
6239 {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U,
6240 255U, 255U, 255U, 255U, 255U},
6241 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U,
6242 255U, 255U, 255U, 255U},
6243 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U,
6244 255U, 255U, 255U, 255U},
6245 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U,
6246 255U, 255U, 255U, 255U},
6247 {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6248 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6249 {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6250 255U, 255U, 255U, 255U, 255U, 255U},
6251 {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6252 255U, 255U, 255U, 255U, 255U, 255U},
6253 {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6254 255U, 255U, 255U, 255U, 255U},
6255 {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6256 255U, 255U, 255U, 255U, 255U, 255U},
6257 {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6258 255U, 255U, 255U, 255U, 255U},
6259 {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6260 255U, 255U, 255U, 255U, 255U},
6261 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U,
6262 255U, 255U, 255U, 255U, 255U},
6263 {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6264 255U, 255U, 255U, 255U, 255U, 255U},
6265 {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6266 255U, 255U, 255U, 255U, 255U},
6267 {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6268 255U, 255U, 255U, 255U, 255U},
6269 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U,
6270 255U, 255U, 255U, 255U, 255U},
6271 {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6272 255U, 255U, 255U, 255U, 255U},
6273 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U,
6274 255U, 255U, 255U, 255U, 255U},
6275 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U,
6276 255U, 255U, 255U, 255U, 255U},
6277 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U,
6278 255U, 255U, 255U, 255U},
6279 {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U,
6280 255U, 255U, 255U, 255U, 255U, 255U},
6281 {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6282 255U, 255U, 255U, 255U, 255U},
6283 {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6284 255U, 255U, 255U, 255U, 255U},
6285 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6286 255U, 255U, 255U, 255U, 255U},
6287 {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6288 255U, 255U, 255U, 255U, 255U},
6289 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6290 255U, 255U, 255U, 255U, 255U},
6291 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6292 255U, 255U, 255U, 255U, 255U},
6293 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U,
6294 255U, 255U, 255U, 255U},
6295 {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U,
6296 255U, 255U, 255U, 255U, 255U},
6297 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6298 255U, 255U, 255U, 255U, 255U},
6299 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6300 255U, 255U, 255U, 255U, 255U},
6301 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U,
6302 255U, 255U, 255U, 255U},
6303 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U,
6304 255U, 255U, 255U, 255U, 255U},
6305 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U,
6306 255U, 255U, 255U, 255U},
6307 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U,
6308 255U, 255U, 255U, 255U},
6309 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U,
6310 255U, 255U, 255U},
6311 {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6312 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6313 {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6314 255U, 255U, 255U, 255U, 255U, 255U},
6315 {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6316 255U, 255U, 255U, 255U, 255U, 255U},
6317 {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6318 255U, 255U, 255U, 255U, 255U},
6319 {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6320 255U, 255U, 255U, 255U, 255U, 255U},
6321 {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6322 255U, 255U, 255U, 255U, 255U},
6323 {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6324 255U, 255U, 255U, 255U, 255U},
6325 {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U,
6326 255U, 255U, 255U, 255U, 255U},
6327 {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6328 255U, 255U, 255U, 255U, 255U, 255U},
6329 {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6330 255U, 255U, 255U, 255U, 255U},
6331 {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6332 255U, 255U, 255U, 255U, 255U},
6333 {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U,
6334 255U, 255U, 255U, 255U, 255U},
6335 {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6336 255U, 255U, 255U, 255U, 255U},
6337 {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U,
6338 255U, 255U, 255U, 255U, 255U},
6339 {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U,
6340 255U, 255U, 255U, 255U, 255U},
6341 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U,
6342 255U, 255U, 255U, 255U},
6343 {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6344 255U, 255U, 255U, 255U, 255U, 255U},
6345 {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6346 255U, 255U, 255U, 255U, 255U},
6347 {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6348 255U, 255U, 255U, 255U, 255U},
6349 {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6350 255U, 255U, 255U, 255U, 255U},
6351 {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6352 255U, 255U, 255U, 255U, 255U},
6353 {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6354 255U, 255U, 255U, 255U, 255U},
6355 {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6356 255U, 255U, 255U, 255U, 255U},
6357 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U,
6358 255U, 255U, 255U, 255U},
6359 {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U,
6360 255U, 255U, 255U, 255U, 255U},
6361 {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6362 255U, 255U, 255U, 255U, 255U},
6363 {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6364 255U, 255U, 255U, 255U, 255U},
6365 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U,
6366 255U, 255U, 255U, 255U},
6367 {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U,
6368 255U, 255U, 255U, 255U, 255U},
6369 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U,
6370 255U, 255U, 255U, 255U},
6371 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U,
6372 255U, 255U, 255U, 255U},
6373 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U,
6374 255U, 255U, 255U},
6375 {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U,
6376 255U, 255U, 255U, 255U, 255U, 255U},
6377 {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6378 255U, 255U, 255U, 255U, 255U, 255U},
6379 {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6380 255U, 255U, 255U, 255U, 255U, 255U},
6381 {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6382 255U, 255U, 255U, 255U, 255U},
6383 {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6384 255U, 255U, 255U, 255U, 255U, 255U},
6385 {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6386 255U, 255U, 255U, 255U, 255U},
6387 {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6388 255U, 255U, 255U, 255U, 255U},
6389 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U,
6390 255U, 255U, 255U, 255U},
6391 {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6392 255U, 255U, 255U, 255U, 255U, 255U},
6393 {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6394 255U, 255U, 255U, 255U, 255U},
6395 {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6396 255U, 255U, 255U, 255U, 255U},
6397 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U,
6398 255U, 255U, 255U, 255U},
6399 {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6400 255U, 255U, 255U, 255U, 255U},
6401 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U,
6402 255U, 255U, 255U, 255U},
6403 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U,
6404 255U, 255U, 255U, 255U},
6405 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U,
6406 255U, 255U, 255U, 255U},
6407 {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U,
6408 255U, 255U, 255U, 255U, 255U, 255U},
6409 {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6410 255U, 255U, 255U, 255U, 255U},
6411 {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6412 255U, 255U, 255U, 255U, 255U},
6413 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6414 255U, 255U, 255U, 255U},
6415 {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6416 255U, 255U, 255U, 255U, 255U},
6417 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6418 255U, 255U, 255U, 255U},
6419 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6420 255U, 255U, 255U, 255U},
6421 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U,
6422 255U, 255U, 255U, 255U},
6423 {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U,
6424 255U, 255U, 255U, 255U, 255U},
6425 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6426 255U, 255U, 255U, 255U},
6427 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6428 255U, 255U, 255U, 255U},
6429 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U,
6430 255U, 255U, 255U, 255U},
6431 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U,
6432 255U, 255U, 255U, 255U},
6433 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U,
6434 255U, 255U, 255U, 255U},
6435 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U,
6436 255U, 255U, 255U, 255U},
6437 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U,
6438 13U, 255U, 255U},
6439 {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U,
6440 255U, 255U, 255U, 255U, 255U, 255U, 255U},
6441 {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6442 255U, 255U, 255U, 255U, 255U, 255U},
6443 {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6444 255U, 255U, 255U, 255U, 255U, 255U},
6445 {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6446 255U, 255U, 255U, 255U, 255U},
6447 {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6448 255U, 255U, 255U, 255U, 255U, 255U},
6449 {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6450 255U, 255U, 255U, 255U, 255U},
6451 {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6452 255U, 255U, 255U, 255U, 255U},
6453 {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U,
6454 255U, 255U, 255U, 255U, 255U},
6455 {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6456 255U, 255U, 255U, 255U, 255U, 255U},
6457 {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6458 255U, 255U, 255U, 255U, 255U},
6459 {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6460 255U, 255U, 255U, 255U, 255U},
6461 {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U,
6462 255U, 255U, 255U, 255U, 255U},
6463 {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6464 255U, 255U, 255U, 255U, 255U},
6465 {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U,
6466 255U, 255U, 255U, 255U, 255U},
6467 {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U,
6468 255U, 255U, 255U, 255U, 255U},
6469 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U,
6470 255U, 255U, 255U, 255U},
6471 {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6472 255U, 255U, 255U, 255U, 255U, 255U},
6473 {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6474 255U, 255U, 255U, 255U, 255U},
6475 {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6476 255U, 255U, 255U, 255U, 255U},
6477 {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6478 255U, 255U, 255U, 255U, 255U},
6479 {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6480 255U, 255U, 255U, 255U, 255U},
6481 {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6482 255U, 255U, 255U, 255U, 255U},
6483 {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6484 255U, 255U, 255U, 255U, 255U},
6485 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U,
6486 255U, 255U, 255U, 255U},
6487 {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U,
6488 255U, 255U, 255U, 255U, 255U},
6489 {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6490 255U, 255U, 255U, 255U, 255U},
6491 {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6492 255U, 255U, 255U, 255U, 255U},
6493 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U,
6494 255U, 255U, 255U, 255U},
6495 {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U,
6496 255U, 255U, 255U, 255U, 255U},
6497 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U,
6498 255U, 255U, 255U, 255U},
6499 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U,
6500 255U, 255U, 255U, 255U},
6501 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U,
6502 255U, 255U, 255U},
6503 {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6504 255U, 255U, 255U, 255U, 255U, 255U},
6505 {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6506 255U, 255U, 255U, 255U, 255U, 255U},
6507 {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6508 255U, 255U, 255U, 255U, 255U, 255U},
6509 {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6510 255U, 255U, 255U, 255U, 255U},
6511 {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6512 255U, 255U, 255U, 255U, 255U, 255U},
6513 {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6514 255U, 255U, 255U, 255U, 255U},
6515 {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6516 255U, 255U, 255U, 255U, 255U},
6517 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U,
6518 255U, 255U, 255U, 255U},
6519 {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6520 255U, 255U, 255U, 255U, 255U, 255U},
6521 {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6522 255U, 255U, 255U, 255U, 255U},
6523 {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6524 255U, 255U, 255U, 255U, 255U},
6525 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U,
6526 255U, 255U, 255U, 255U},
6527 {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6528 255U, 255U, 255U, 255U, 255U},
6529 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U,
6530 255U, 255U, 255U, 255U},
6531 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U,
6532 255U, 255U, 255U, 255U},
6533 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U,
6534 255U, 255U, 255U, 255U},
6535 {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U,
6536 255U, 255U, 255U, 255U, 255U, 255U},
6537 {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6538 255U, 255U, 255U, 255U, 255U},
6539 {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6540 255U, 255U, 255U, 255U, 255U},
6541 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6542 255U, 255U, 255U, 255U},
6543 {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6544 255U, 255U, 255U, 255U, 255U},
6545 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6546 255U, 255U, 255U, 255U},
6547 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6548 255U, 255U, 255U, 255U},
6549 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U,
6550 255U, 255U, 255U, 255U},
6551 {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U,
6552 255U, 255U, 255U, 255U, 255U},
6553 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6554 255U, 255U, 255U, 255U},
6555 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6556 255U, 255U, 255U, 255U},
6557 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U,
6558 255U, 255U, 255U, 255U},
6559 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U,
6560 255U, 255U, 255U, 255U},
6561 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U,
6562 255U, 255U, 255U, 255U},
6563 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U,
6564 255U, 255U, 255U, 255U},
6565 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U,
6566 15U, 255U, 255U},
6567 {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U,
6568 255U, 255U, 255U, 255U, 255U, 255U},
6569 {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6570 255U, 255U, 255U, 255U, 255U, 255U},
6571 {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6572 255U, 255U, 255U, 255U, 255U, 255U},
6573 {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6574 255U, 255U, 255U, 255U, 255U},
6575 {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6576 255U, 255U, 255U, 255U, 255U, 255U},
6577 {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6578 255U, 255U, 255U, 255U, 255U},
6579 {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6580 255U, 255U, 255U, 255U, 255U},
6581 {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U,
6582 255U, 255U, 255U, 255U},
6583 {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6584 255U, 255U, 255U, 255U, 255U, 255U},
6585 {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6586 255U, 255U, 255U, 255U, 255U},
6587 {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6588 255U, 255U, 255U, 255U, 255U},
6589 {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U,
6590 255U, 255U, 255U, 255U},
6591 {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6592 255U, 255U, 255U, 255U, 255U},
6593 {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U,
6594 255U, 255U, 255U, 255U},
6595 {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U,
6596 255U, 255U, 255U, 255U},
6597 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U,
6598 255U, 255U, 255U, 255U},
6599 {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6600 255U, 255U, 255U, 255U, 255U, 255U},
6601 {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6602 255U, 255U, 255U, 255U, 255U},
6603 {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6604 255U, 255U, 255U, 255U, 255U},
6605 {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6606 255U, 255U, 255U, 255U},
6607 {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6608 255U, 255U, 255U, 255U, 255U},
6609 {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6610 255U, 255U, 255U, 255U},
6611 {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6612 255U, 255U, 255U, 255U},
6613 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U,
6614 255U, 255U, 255U, 255U},
6615 {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6616 255U, 255U, 255U, 255U, 255U},
6617 {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6618 255U, 255U, 255U, 255U},
6619 {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6620 255U, 255U, 255U, 255U},
6621 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U,
6622 255U, 255U, 255U, 255U},
6623 {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U,
6624 255U, 255U, 255U, 255U},
6625 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U,
6626 255U, 255U, 255U, 255U},
6627 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U,
6628 255U, 255U, 255U, 255U},
6629 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U,
6630 15U, 255U, 255U},
6631 {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U,
6632 255U, 255U, 255U, 255U, 255U, 255U},
6633 {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6634 255U, 255U, 255U, 255U, 255U},
6635 {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6636 255U, 255U, 255U, 255U, 255U},
6637 {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6638 255U, 255U, 255U, 255U, 255U},
6639 {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6640 255U, 255U, 255U, 255U, 255U},
6641 {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6642 255U, 255U, 255U, 255U, 255U},
6643 {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6644 255U, 255U, 255U, 255U, 255U},
6645 {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U,
6646 255U, 255U, 255U, 255U},
6647 {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6648 255U, 255U, 255U, 255U, 255U},
6649 {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6650 255U, 255U, 255U, 255U, 255U},
6651 {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6652 255U, 255U, 255U, 255U, 255U},
6653 {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U,
6654 255U, 255U, 255U, 255U},
6655 {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6656 255U, 255U, 255U, 255U, 255U},
6657 {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U,
6658 255U, 255U, 255U, 255U},
6659 {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U,
6660 255U, 255U, 255U, 255U},
6661 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U,
6662 15U, 255U, 255U},
6663 {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U,
6664 255U, 255U, 255U, 255U, 255U},
6665 {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6666 255U, 255U, 255U, 255U, 255U},
6667 {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6668 255U, 255U, 255U, 255U, 255U},
6669 {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6670 255U, 255U, 255U, 255U},
6671 {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6672 255U, 255U, 255U, 255U, 255U},
6673 {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6674 255U, 255U, 255U, 255U},
6675 {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6676 255U, 255U, 255U, 255U},
6677 {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6678 15U, 255U, 255U},
6679 {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U,
6680 255U, 255U, 255U, 255U, 255U},
6681 {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6682 255U, 255U, 255U, 255U},
6683 {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6684 255U, 255U, 255U, 255U},
6685 {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6686 15U, 255U, 255U},
6687 {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U,
6688 255U, 255U, 255U, 255U},
6689 {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6690 15U, 255U, 255U},
6691 {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U,
6692 15U, 255U, 255U},
6693 {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U,
6694 13U, 14U, 15U}};
6695
6696 /**
6697 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6698 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6699 */
6700 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ZERO_0d(void)6701 libcrux_ml_kem_vector_portable_ZERO_0d(void) {
6702 return libcrux_ml_kem_vector_portable_vector_type_zero();
6703 }
6704
6705 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_add(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6706 libcrux_ml_kem_vector_portable_arithmetic_add(
6707 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6708 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6709 for (size_t i = (size_t)0U;
6710 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6711 size_t i0 = i;
6712 size_t uu____0 = i0;
6713 lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0];
6714 }
6715 return lhs;
6716 }
6717
6718 /**
6719 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6720 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6721 */
6722 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_add_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6723 libcrux_ml_kem_vector_portable_add_0d(
6724 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6725 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6726 return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs);
6727 }
6728
6729 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_sub(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6730 libcrux_ml_kem_vector_portable_arithmetic_sub(
6731 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6732 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6733 for (size_t i = (size_t)0U;
6734 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6735 size_t i0 = i;
6736 size_t uu____0 = i0;
6737 lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0];
6738 }
6739 return lhs;
6740 }
6741
6742 /**
6743 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6744 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6745 */
6746 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_sub_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs)6747 libcrux_ml_kem_vector_portable_sub_0d(
6748 libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
6749 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
6750 return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs);
6751 }
6752
6753 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6754 libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(
6755 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6756 for (size_t i = (size_t)0U;
6757 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6758 size_t i0 = i;
6759 size_t uu____0 = i0;
6760 v.elements[uu____0] = v.elements[uu____0] * c;
6761 }
6762 return v;
6763 }
6764
6765 /**
6766 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6767 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6768 */
6769 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_multiply_by_constant_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6770 libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
6771 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6772 return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c);
6773 }
6774
6775 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6776 libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
6777 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6778 for (size_t i = (size_t)0U;
6779 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6780 size_t i0 = i;
6781 size_t uu____0 = i0;
6782 v.elements[uu____0] = v.elements[uu____0] & c;
6783 }
6784 return v;
6785 }
6786
6787 /**
6788 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6789 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6790 */
6791 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6792 libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
6793 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6794 return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v,
6795 c);
6796 }
6797
6798 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6799 libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
6800 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6801 core_ops_range_Range_b3 iter =
6802 core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter(
6803 (CLITERAL(core_ops_range_Range_b3){
6804 .start = (size_t)0U,
6805 .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}),
6806 core_ops_range_Range_b3, core_ops_range_Range_b3);
6807 while (true) {
6808 Option_b3 uu____0 =
6809 core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next(
6810 &iter, size_t, Option_b3);
6811 if (!(uu____0.tag == None)) {
6812 size_t i = uu____0.f0;
6813 if (v.elements[i] >= (int16_t)3329) {
6814 size_t uu____1 = i;
6815 v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329;
6816 }
6817 continue;
6818 }
6819 return v;
6820 }
6821 }
6822
6823 /**
6824 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6825 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6826 */
6827 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6828 libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(
6829 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6830 return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v);
6831 }
6832
6833 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \
6834 ((int32_t)20159)
6835
6836 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26)
6837
6838 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \
6839 ((int32_t)1 << (uint32_t) \
6840 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT)
6841
6842 /**
6843 Signed Barrett Reduction
6844
6845 Given an input `value`, `barrett_reduce` outputs a representative `result`
6846 such that:
6847
6848 - result ≡ value (mod FIELD_MODULUS)
6849 - the absolute value of `result` is bound as follows:
6850
6851 `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)
6852
6853 In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`.
6854 */
6855 static inline int16_t
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(int16_t value)6856 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
6857 int16_t value) {
6858 int32_t t = (int32_t)value *
6859 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER +
6860 (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U);
6861 int16_t quotient =
6862 (int16_t)(t >>
6863 (uint32_t)
6864 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT);
6865 return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
6866 }
6867
6868 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6869 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(
6870 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6871 for (size_t i = (size_t)0U;
6872 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6873 size_t i0 = i;
6874 v.elements[i0] =
6875 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
6876 v.elements[i0]);
6877 }
6878 return v;
6879 }
6880
6881 /**
6882 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6883 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6884 */
6885 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_barrett_reduce_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)6886 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
6887 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
6888 return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v);
6889 }
6890
6891 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U)
6892
6893 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \
6894 ((int32_t)1 << (uint32_t) \
6895 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT)
6896
6897 /**
6898 Signed Montgomery Reduction
6899
6900 Given an input `value`, `montgomery_reduce` outputs a representative `o`
6901 such that:
6902
6903 - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS)
6904 - the absolute value of `o` is bound as follows:
6905
6906 `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2)
6907
6908 In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 ·
6909 FIELD_MODULUS) / 2`.
6910 */
6911 static inline int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(int32_t value)6912 libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
6913 int32_t value) {
6914 int32_t k =
6915 (int32_t)(int16_t)value *
6916 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R;
6917 int32_t k_times_modulus =
6918 (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
6919 int16_t c =
6920 (int16_t)(k_times_modulus >>
6921 (uint32_t)
6922 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
6923 int16_t value_high =
6924 (int16_t)(value >>
6925 (uint32_t)
6926 LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
6927 return value_high - c;
6928 }
6929
6930 /**
6931 If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to
6932 `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to
6933 `x · y`, as follows:
6934
6935 `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)`
6936
6937 `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a
6938 representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod
6939 FIELD_MODULUS)`.
6940 */
6941 static KRML_MUSTINLINE int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(int16_t fe,int16_t fer)6942 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
6943 int16_t fe, int16_t fer) {
6944 return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
6945 (int32_t)fe * (int32_t)fer);
6946 }
6947
6948 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t c)6949 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
6950 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) {
6951 for (size_t i = (size_t)0U;
6952 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
6953 size_t i0 = i;
6954 v.elements[i0] =
6955 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
6956 v.elements[i0], c);
6957 }
6958 return v;
6959 }
6960
6961 /**
6962 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
6963 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
6964 */
6965 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t r)6966 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
6967 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) {
6968 return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
6969 v, r);
6970 }
6971
6972 /**
6973 The `compress_*` functions implement the `Compress` function specified in the
6974 NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as:
6975
6976 ```plaintext
6977 Compress_d: ℤq -> ℤ_{2ᵈ}
6978 Compress_d(x) = ⌈(2ᵈ/q)·x⌋
6979 ```
6980
6981 Since `⌈x⌋ = ⌊x + 1/2⌋` we have:
6982
6983 ```plaintext
6984 Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋
6985 = ⌊(2^{d+1}·x + q) / 2q⌋
6986 ```
6987
6988 For further information about the function implementations, consult the
6989 `implementation_notes.pdf` document in this directory.
6990
6991 The NIST FIPS 203 standard can be found at
6992 <https://csrc.nist.gov/pubs/fips/203/ipd>.
6993 */
6994 static inline uint8_t
libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(uint16_t fe)6995 libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
6996 uint16_t fe) {
6997 int16_t shifted = (int16_t)1664 - (int16_t)fe;
6998 int16_t mask = shifted >> 15U;
6999 int16_t shifted_to_positive = mask ^ shifted;
7000 int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832;
7001 return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1);
7002 }
7003
7004 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)7005 libcrux_ml_kem_vector_portable_compress_compress_1(
7006 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
7007 for (size_t i = (size_t)0U;
7008 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
7009 size_t i0 = i;
7010 v.elements[i0] = (int16_t)
7011 libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
7012 (uint16_t)v.elements[i0]);
7013 }
7014 return v;
7015 }
7016
7017 /**
7018 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7019 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7020 */
7021 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_1_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)7022 libcrux_ml_kem_vector_portable_compress_1_0d(
7023 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
7024 return libcrux_ml_kem_vector_portable_compress_compress_1(v);
7025 }
7026
7027 static KRML_MUSTINLINE uint32_t
libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(uint8_t n,uint32_t value)7028 libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
7029 uint8_t n, uint32_t value) {
7030 return value & ((1U << (uint32_t)n) - 1U);
7031 }
7032
7033 static inline int16_t
libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(uint8_t coefficient_bits,uint16_t fe)7034 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
7035 uint8_t coefficient_bits, uint16_t fe) {
7036 uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits;
7037 compressed = compressed + 1664ULL;
7038 compressed = compressed * 10321340ULL;
7039 compressed = compressed >> 35U;
7040 return (int16_t)
7041 libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
7042 coefficient_bits, (uint32_t)compressed);
7043 }
7044
libcrux_ml_kem_vector_portable_ntt_ntt_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector * v,int16_t zeta,size_t i,size_t j)7045 static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
7046 libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta,
7047 size_t i, size_t j) {
7048 int16_t t =
7049 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
7050 v->elements[j], zeta);
7051 v->elements[j] = v->elements[i] - t;
7052 v->elements[i] = v->elements[i] + t;
7053 }
7054
7055 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7056 libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(
7057 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7058 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7059 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U,
7060 (size_t)2U);
7061 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U,
7062 (size_t)3U);
7063 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U,
7064 (size_t)6U);
7065 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U,
7066 (size_t)7U);
7067 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U,
7068 (size_t)10U);
7069 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U,
7070 (size_t)11U);
7071 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U,
7072 (size_t)14U);
7073 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U,
7074 (size_t)15U);
7075 return v;
7076 }
7077
7078 /**
7079 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7080 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7081 */
7082 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7083 libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
7084 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7085 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7086 return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1,
7087 zeta2, zeta3);
7088 }
7089
7090 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1)7091 libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(
7092 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7093 int16_t zeta1) {
7094 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U,
7095 (size_t)4U);
7096 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U,
7097 (size_t)5U);
7098 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U,
7099 (size_t)6U);
7100 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U,
7101 (size_t)7U);
7102 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U,
7103 (size_t)12U);
7104 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U,
7105 (size_t)13U);
7106 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U,
7107 (size_t)14U);
7108 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U,
7109 (size_t)15U);
7110 return v;
7111 }
7112
7113 /**
7114 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7115 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7116 */
7117 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1)7118 libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
7119 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7120 int16_t zeta1) {
7121 return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1);
7122 }
7123
7124 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta)7125 libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(
7126 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) {
7127 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U);
7128 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U);
7129 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U,
7130 (size_t)10U);
7131 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U,
7132 (size_t)11U);
7133 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U,
7134 (size_t)12U);
7135 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U,
7136 (size_t)13U);
7137 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U,
7138 (size_t)14U);
7139 libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U,
7140 (size_t)15U);
7141 return v;
7142 }
7143
7144 /**
7145 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7146 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7147 */
7148 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta)7149 libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
7150 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
7151 return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta);
7152 }
7153
libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector * v,int16_t zeta,size_t i,size_t j)7154 static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
7155 libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta,
7156 size_t i, size_t j) {
7157 int16_t a_minus_b = v->elements[j] - v->elements[i];
7158 v->elements[i] =
7159 libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
7160 v->elements[i] + v->elements[j]);
7161 v->elements[j] =
7162 libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
7163 a_minus_b, zeta);
7164 }
7165
7166 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7167 libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
7168 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7169 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7170 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U,
7171 (size_t)2U);
7172 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U,
7173 (size_t)3U);
7174 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U,
7175 (size_t)6U);
7176 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U,
7177 (size_t)7U);
7178 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U,
7179 (size_t)10U);
7180 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U,
7181 (size_t)11U);
7182 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U,
7183 (size_t)14U);
7184 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U,
7185 (size_t)15U);
7186 return v;
7187 }
7188
7189 /**
7190 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7191 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7192 */
7193 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7194 libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
7195 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7196 int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7197 return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
7198 a, zeta0, zeta1, zeta2, zeta3);
7199 }
7200
7201 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta0,int16_t zeta1)7202 libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(
7203 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0,
7204 int16_t zeta1) {
7205 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U,
7206 (size_t)4U);
7207 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U,
7208 (size_t)5U);
7209 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U,
7210 (size_t)6U);
7211 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U,
7212 (size_t)7U);
7213 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U,
7214 (size_t)12U);
7215 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U,
7216 (size_t)13U);
7217 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U,
7218 (size_t)14U);
7219 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U,
7220 (size_t)15U);
7221 return v;
7222 }
7223
7224 /**
7225 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7226 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7227 */
7228 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta0,int16_t zeta1)7229 libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
7230 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
7231 int16_t zeta1) {
7232 return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0,
7233 zeta1);
7234 }
7235
7236 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t zeta)7237 libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(
7238 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) {
7239 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U,
7240 (size_t)8U);
7241 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U,
7242 (size_t)9U);
7243 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U,
7244 (size_t)10U);
7245 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U,
7246 (size_t)11U);
7247 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U,
7248 (size_t)12U);
7249 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U,
7250 (size_t)13U);
7251 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U,
7252 (size_t)14U);
7253 libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U,
7254 (size_t)15U);
7255 return v;
7256 }
7257
7258 /**
7259 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7260 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7261 */
7262 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,int16_t zeta)7263 libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
7264 libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
7265 return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
7266 }
7267
7268 /**
7269 Compute the product of two Kyber binomials with respect to the
7270 modulus `X² - zeta`.
7271
7272 This function almost implements <strong>Algorithm 11</strong> of the
7273 NIST FIPS 203 standard, which is reproduced below:
7274
7275 ```plaintext
7276 Input: a₀, a₁, b₀, b₁ ∈ ℤq.
7277 Input: γ ∈ ℤq.
7278 Output: c₀, c₁ ∈ ℤq.
7279
7280 c₀ ← a₀·b₀ + a₁·b₁·γ
7281 c₁ ← a₀·b₁ + a₁·b₀
7282 return c₀, c₁
7283 ```
7284 We say "almost" because the coefficients output by this function are in
7285 the Montgomery domain (unlike in the specification).
7286
7287 The NIST FIPS 203 standard can be found at
7288 <https://csrc.nist.gov/pubs/fips/203/ipd>.
7289 */
7290 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(libcrux_ml_kem_vector_portable_vector_type_PortableVector * a,libcrux_ml_kem_vector_portable_vector_type_PortableVector * b,int16_t zeta,size_t i,size_t j,libcrux_ml_kem_vector_portable_vector_type_PortableVector * out)7291 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7292 libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
7293 libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
7294 size_t i, size_t j,
7295 libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
7296 int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
7297 (int32_t)a->elements[i] * (int32_t)b->elements[i] +
7298 (int32_t)
7299 libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
7300 (int32_t)a->elements[j] * (int32_t)b->elements[j]) *
7301 (int32_t)zeta);
7302 int16_t o1 =
7303 libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
7304 (int32_t)a->elements[i] * (int32_t)b->elements[j] +
7305 (int32_t)a->elements[j] * (int32_t)b->elements[i]);
7306 out->elements[i] = o0;
7307 out->elements[j] = o1;
7308 }
7309
7310 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_multiply(libcrux_ml_kem_vector_portable_vector_type_PortableVector * lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7311 libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
7312 libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
7313 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
7314 int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7315 libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
7316 libcrux_ml_kem_vector_portable_vector_type_zero();
7317 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7318 lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
7319 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7320 lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out);
7321 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7322 lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
7323 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7324 lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out);
7325 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7326 lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
7327 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7328 lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out);
7329 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7330 lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
7331 libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
7332 lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out);
7333 return out;
7334 }
7335
7336 /**
7337 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7338 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7339 */
7340 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_multiply_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector * lhs,libcrux_ml_kem_vector_portable_vector_type_PortableVector * rhs,int16_t zeta0,int16_t zeta1,int16_t zeta2,int16_t zeta3)7341 libcrux_ml_kem_vector_portable_ntt_multiply_0d(
7342 libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
7343 libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
7344 int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
7345 return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1,
7346 zeta2, zeta3);
7347 }
7348
7349 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[2U])7350 libcrux_ml_kem_vector_portable_serialize_serialize_1(
7351 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7352 uint8_t ret[2U]) {
7353 uint8_t result[2U] = {0U};
7354 for (size_t i = (size_t)0U; i < (size_t)8U; i++) {
7355 size_t i0 = i;
7356 size_t uu____0 = (size_t)0U;
7357 result[uu____0] = (uint32_t)result[uu____0] |
7358 (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;
7359 }
7360 for (size_t i = (size_t)8U; i < (size_t)16U; i++) {
7361 size_t i0 = i;
7362 size_t uu____1 = (size_t)1U;
7363 result[uu____1] =
7364 (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0]
7365 << (uint32_t)(i0 - (size_t)8U);
7366 }
7367 memcpy(ret, result, (size_t)2U * sizeof(uint8_t));
7368 }
7369
7370 /**
7371 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7372 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7373 */
libcrux_ml_kem_vector_portable_serialize_1_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[2U])7374 static inline void libcrux_ml_kem_vector_portable_serialize_1_0d(
7375 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7376 uint8_t ret[2U]) {
7377 libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
7378 }
7379
7380 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v)7381 libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
7382 libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
7383 libcrux_ml_kem_vector_portable_vector_type_zero();
7384 for (size_t i = (size_t)0U; i < (size_t)8U; i++) {
7385 size_t i0 = i;
7386 result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index(
7387 v, (size_t)0U, uint8_t, uint8_t *) >>
7388 (uint32_t)i0 &
7389 1U);
7390 }
7391 for (size_t i = (size_t)8U;
7392 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
7393 size_t i0 = i;
7394 result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index(
7395 v, (size_t)1U, uint8_t, uint8_t *) >>
7396 (uint32_t)(i0 - (size_t)8U) &
7397 1U);
7398 }
7399 return result;
7400 }
7401
7402 /**
7403 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7404 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7405 */
7406 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a)7407 libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
7408 return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
7409 }
7410
7411 typedef struct uint8_t_x4_s {
7412 uint8_t fst;
7413 uint8_t snd;
7414 uint8_t thd;
7415 uint8_t f3;
7416 } uint8_t_x4;
7417
7418 static KRML_MUSTINLINE uint8_t_x4
libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v)7419 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) {
7420 uint8_t result0 =
7421 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *)
7422 << 4U |
7423 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t,
7424 int16_t *);
7425 uint8_t result1 =
7426 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *)
7427 << 4U |
7428 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t,
7429 int16_t *);
7430 uint8_t result2 =
7431 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *)
7432 << 4U |
7433 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t,
7434 int16_t *);
7435 uint8_t result3 =
7436 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *)
7437 << 4U |
7438 (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t,
7439 int16_t *);
7440 return (CLITERAL(uint8_t_x4){
7441 .fst = result0, .snd = result1, .thd = result2, .f3 = result3});
7442 }
7443
7444 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_4(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[8U])7445 libcrux_ml_kem_vector_portable_serialize_serialize_4(
7446 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7447 uint8_t ret[8U]) {
7448 uint8_t_x4 result0_3 =
7449 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(
7450 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U,
7451 int16_t));
7452 uint8_t_x4 result4_7 =
7453 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(
7454 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U,
7455 int16_t));
7456 uint8_t result[8U] = {0U};
7457 result[0U] = result0_3.fst;
7458 result[1U] = result0_3.snd;
7459 result[2U] = result0_3.thd;
7460 result[3U] = result0_3.f3;
7461 result[4U] = result4_7.fst;
7462 result[5U] = result4_7.snd;
7463 result[6U] = result4_7.thd;
7464 result[7U] = result4_7.f3;
7465 memcpy(ret, result, (size_t)8U * sizeof(uint8_t));
7466 }
7467
7468 /**
7469 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7470 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7471 */
libcrux_ml_kem_vector_portable_serialize_4_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[8U])7472 static inline void libcrux_ml_kem_vector_portable_serialize_4_0d(
7473 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7474 uint8_t ret[8U]) {
7475 libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
7476 }
7477
7478 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(Eurydice_slice bytes)7479 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
7480 Eurydice_slice bytes) {
7481 int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7482 uint8_t, uint8_t *) &
7483 15U);
7484 int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7485 uint8_t, uint8_t *) >>
7486 4U &
7487 15U);
7488 int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7489 uint8_t, uint8_t *) &
7490 15U);
7491 int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7492 uint8_t, uint8_t *) >>
7493 4U &
7494 15U);
7495 int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7496 uint8_t, uint8_t *) &
7497 15U);
7498 int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7499 uint8_t, uint8_t *) >>
7500 4U &
7501 15U);
7502 int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7503 uint8_t, uint8_t *) &
7504 15U);
7505 int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7506 uint8_t, uint8_t *) >>
7507 4U &
7508 15U);
7509 return (CLITERAL(int16_t_x8){.fst = v0,
7510 .snd = v1,
7511 .thd = v2,
7512 .f3 = v3,
7513 .f4 = v4,
7514 .f5 = v5,
7515 .f6 = v6,
7516 .f7 = v7});
7517 }
7518
7519 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes)7520 libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
7521 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
7522 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t));
7523 int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
7524 Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t));
7525 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
7526 libcrux_ml_kem_vector_portable_vector_type_zero();
7527 v.elements[0U] = v0_7.fst;
7528 v.elements[1U] = v0_7.snd;
7529 v.elements[2U] = v0_7.thd;
7530 v.elements[3U] = v0_7.f3;
7531 v.elements[4U] = v0_7.f4;
7532 v.elements[5U] = v0_7.f5;
7533 v.elements[6U] = v0_7.f6;
7534 v.elements[7U] = v0_7.f7;
7535 v.elements[8U] = v8_15.fst;
7536 v.elements[9U] = v8_15.snd;
7537 v.elements[10U] = v8_15.thd;
7538 v.elements[11U] = v8_15.f3;
7539 v.elements[12U] = v8_15.f4;
7540 v.elements[13U] = v8_15.f5;
7541 v.elements[14U] = v8_15.f6;
7542 v.elements[15U] = v8_15.f7;
7543 return v;
7544 }
7545
7546 /**
7547 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7548 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7549 */
7550 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a)7551 libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
7552 return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
7553 }
7554
7555 typedef struct uint8_t_x5_s {
7556 uint8_t fst;
7557 uint8_t snd;
7558 uint8_t thd;
7559 uint8_t f3;
7560 uint8_t f4;
7561 } uint8_t_x5;
7562
7563 static KRML_MUSTINLINE uint8_t_x5
libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v)7564 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) {
7565 uint8_t r0 =
7566 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) |
7567 Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U);
7568 uint8_t r1 =
7569 (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U |
7570 Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *)
7571 << 2U) |
7572 Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U);
7573 uint8_t r2 =
7574 (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U |
7575 Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U);
7576 uint8_t r3 =
7577 (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U |
7578 Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *)
7579 << 1U) |
7580 Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U);
7581 uint8_t r4 =
7582 (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U |
7583 Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U);
7584 return (CLITERAL(uint8_t_x5){
7585 .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4});
7586 }
7587
7588 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_5(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[10U])7589 libcrux_ml_kem_vector_portable_serialize_serialize_5(
7590 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7591 uint8_t ret[10U]) {
7592 uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int(
7593 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t));
7594 uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int(
7595 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U,
7596 int16_t));
7597 uint8_t result[10U] = {0U};
7598 result[0U] = r0_4.fst;
7599 result[1U] = r0_4.snd;
7600 result[2U] = r0_4.thd;
7601 result[3U] = r0_4.f3;
7602 result[4U] = r0_4.f4;
7603 result[5U] = r5_9.fst;
7604 result[6U] = r5_9.snd;
7605 result[7U] = r5_9.thd;
7606 result[8U] = r5_9.f3;
7607 result[9U] = r5_9.f4;
7608 memcpy(ret, result, (size_t)10U * sizeof(uint8_t));
7609 }
7610
7611 /**
7612 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7613 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7614 */
libcrux_ml_kem_vector_portable_serialize_5_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[10U])7615 static inline void libcrux_ml_kem_vector_portable_serialize_5_0d(
7616 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7617 uint8_t ret[10U]) {
7618 libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
7619 }
7620
7621 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(Eurydice_slice bytes)7622 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
7623 Eurydice_slice bytes) {
7624 int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7625 uint8_t, uint8_t *) &
7626 31U);
7627 int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7628 uint8_t, uint8_t *) &
7629 3U) << 3U |
7630 (uint32_t)Eurydice_slice_index(bytes, (size_t)0U,
7631 uint8_t, uint8_t *) >>
7632 5U);
7633 int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7634 uint8_t, uint8_t *) >>
7635 2U &
7636 31U);
7637 int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7638 uint8_t, uint8_t *) &
7639 15U)
7640 << 1U |
7641 (uint32_t)Eurydice_slice_index(bytes, (size_t)1U,
7642 uint8_t, uint8_t *) >>
7643 7U);
7644 int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7645 uint8_t, uint8_t *) &
7646 1U) << 4U |
7647 (uint32_t)Eurydice_slice_index(bytes, (size_t)2U,
7648 uint8_t, uint8_t *) >>
7649 4U);
7650 int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7651 uint8_t, uint8_t *) >>
7652 1U &
7653 31U);
7654 int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U,
7655 uint8_t, uint8_t *) &
7656 7U) << 2U |
7657 (uint32_t)Eurydice_slice_index(bytes, (size_t)3U,
7658 uint8_t, uint8_t *) >>
7659 6U);
7660 int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U,
7661 uint8_t, uint8_t *) >>
7662 3U);
7663 return (CLITERAL(int16_t_x8){.fst = v0,
7664 .snd = v1,
7665 .thd = v2,
7666 .f3 = v3,
7667 .f4 = v4,
7668 .f5 = v5,
7669 .f6 = v6,
7670 .f7 = v7});
7671 }
7672
7673 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes)7674 libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
7675 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
7676 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t));
7677 int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
7678 Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t));
7679 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
7680 libcrux_ml_kem_vector_portable_vector_type_zero();
7681 v.elements[0U] = v0_7.fst;
7682 v.elements[1U] = v0_7.snd;
7683 v.elements[2U] = v0_7.thd;
7684 v.elements[3U] = v0_7.f3;
7685 v.elements[4U] = v0_7.f4;
7686 v.elements[5U] = v0_7.f5;
7687 v.elements[6U] = v0_7.f6;
7688 v.elements[7U] = v0_7.f7;
7689 v.elements[8U] = v8_15.fst;
7690 v.elements[9U] = v8_15.snd;
7691 v.elements[10U] = v8_15.thd;
7692 v.elements[11U] = v8_15.f3;
7693 v.elements[12U] = v8_15.f4;
7694 v.elements[13U] = v8_15.f5;
7695 v.elements[14U] = v8_15.f6;
7696 v.elements[15U] = v8_15.f7;
7697 return v;
7698 }
7699
7700 /**
7701 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7702 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7703 */
7704 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a)7705 libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
7706 return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
7707 }
7708
7709 static KRML_MUSTINLINE uint8_t_x5
libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v)7710 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) {
7711 uint8_t r0 =
7712 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) &
7713 (int16_t)255);
7714 uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
7715 int16_t *) &
7716 (int16_t)63)
7717 << 2U |
7718 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t,
7719 int16_t *) >>
7720 8U &
7721 (int16_t)3);
7722 uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
7723 int16_t *) &
7724 (int16_t)15)
7725 << 4U |
7726 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t,
7727 int16_t *) >>
7728 6U &
7729 (int16_t)15);
7730 uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t,
7731 int16_t *) &
7732 (int16_t)3)
7733 << 6U |
7734 (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t,
7735 int16_t *) >>
7736 4U &
7737 (int16_t)63);
7738 uint8_t r4 =
7739 (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U &
7740 (int16_t)255);
7741 return (CLITERAL(uint8_t_x5){
7742 .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4});
7743 }
7744
7745 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_10(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[20U])7746 libcrux_ml_kem_vector_portable_serialize_serialize_10(
7747 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7748 uint8_t ret[20U]) {
7749 uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7750 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t));
7751 uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7752 Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t));
7753 uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7754 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U,
7755 int16_t));
7756 uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
7757 Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U,
7758 int16_t));
7759 uint8_t result[20U] = {0U};
7760 result[0U] = r0_4.fst;
7761 result[1U] = r0_4.snd;
7762 result[2U] = r0_4.thd;
7763 result[3U] = r0_4.f3;
7764 result[4U] = r0_4.f4;
7765 result[5U] = r5_9.fst;
7766 result[6U] = r5_9.snd;
7767 result[7U] = r5_9.thd;
7768 result[8U] = r5_9.f3;
7769 result[9U] = r5_9.f4;
7770 result[10U] = r10_14.fst;
7771 result[11U] = r10_14.snd;
7772 result[12U] = r10_14.thd;
7773 result[13U] = r10_14.f3;
7774 result[14U] = r10_14.f4;
7775 result[15U] = r15_19.fst;
7776 result[16U] = r15_19.snd;
7777 result[17U] = r15_19.thd;
7778 result[18U] = r15_19.f3;
7779 result[19U] = r15_19.f4;
7780 memcpy(ret, result, (size_t)20U * sizeof(uint8_t));
7781 }
7782
7783 /**
7784 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7785 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7786 */
libcrux_ml_kem_vector_portable_serialize_10_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[20U])7787 static inline void libcrux_ml_kem_vector_portable_serialize_10_0d(
7788 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7789 uint8_t ret[20U]) {
7790 libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
7791 }
7792
7793 static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(Eurydice_slice bytes)7794 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
7795 Eurydice_slice bytes) {
7796 int16_t r0 =
7797 ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) &
7798 (int16_t)3)
7799 << 8U |
7800 ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) &
7801 (int16_t)255);
7802 int16_t r1 =
7803 ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) &
7804 (int16_t)15)
7805 << 6U |
7806 (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >>
7807 2U;
7808 int16_t r2 =
7809 ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) &
7810 (int16_t)63)
7811 << 4U |
7812 (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >>
7813 4U;
7814 int16_t r3 =
7815 (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *)
7816 << 2U |
7817 (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >>
7818 6U;
7819 int16_t r4 =
7820 ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) &
7821 (int16_t)3)
7822 << 8U |
7823 ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) &
7824 (int16_t)255);
7825 int16_t r5 =
7826 ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) &
7827 (int16_t)15)
7828 << 6U |
7829 (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >>
7830 2U;
7831 int16_t r6 =
7832 ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) &
7833 (int16_t)63)
7834 << 4U |
7835 (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >>
7836 4U;
7837 int16_t r7 =
7838 (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *)
7839 << 2U |
7840 (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >>
7841 6U;
7842 return (CLITERAL(int16_t_x8){.fst = r0,
7843 .snd = r1,
7844 .thd = r2,
7845 .f3 = r3,
7846 .f4 = r4,
7847 .f5 = r5,
7848 .f6 = r6,
7849 .f7 = r7});
7850 }
7851
7852 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes)7853 libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
7854 int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
7855 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t));
7856 int16_t_x8 v8_15 =
7857 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
7858 Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t));
7859 libcrux_ml_kem_vector_portable_vector_type_PortableVector v =
7860 libcrux_ml_kem_vector_portable_vector_type_zero();
7861 v.elements[0U] = v0_7.fst;
7862 v.elements[1U] = v0_7.snd;
7863 v.elements[2U] = v0_7.thd;
7864 v.elements[3U] = v0_7.f3;
7865 v.elements[4U] = v0_7.f4;
7866 v.elements[5U] = v0_7.f5;
7867 v.elements[6U] = v0_7.f6;
7868 v.elements[7U] = v0_7.f7;
7869 v.elements[8U] = v8_15.fst;
7870 v.elements[9U] = v8_15.snd;
7871 v.elements[10U] = v8_15.thd;
7872 v.elements[11U] = v8_15.f3;
7873 v.elements[12U] = v8_15.f4;
7874 v.elements[13U] = v8_15.f5;
7875 v.elements[14U] = v8_15.f6;
7876 v.elements[15U] = v8_15.f7;
7877 return v;
7878 }
7879
7880 /**
7881 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7882 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7883 */
7884 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a)7885 libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
7886 return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
7887 }
7888
7889 typedef struct uint8_t_x3_s {
7890 uint8_t fst;
7891 uint8_t snd;
7892 uint8_t thd;
7893 } uint8_t_x3;
7894
7895 static KRML_MUSTINLINE uint8_t_x3
libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v)7896 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) {
7897 uint8_t r0 =
7898 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) &
7899 (int16_t)255);
7900 uint8_t r1 =
7901 (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U |
7902 (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) &
7903 (int16_t)15)
7904 << 4U);
7905 uint8_t r2 =
7906 (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U &
7907 (int16_t)255);
7908 return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2});
7909 }
7910
7911 static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_12(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,uint8_t ret[24U])7912 libcrux_ml_kem_vector_portable_serialize_serialize_12(
7913 libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
7914 uint8_t ret[24U]) {
7915 uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7916 Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t));
7917 uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7918 Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t));
7919 uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7920 Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t));
7921 uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7922 Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t));
7923 uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7924 Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U,
7925 int16_t));
7926 uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7927 Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U,
7928 int16_t));
7929 uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7930 Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U,
7931 int16_t));
7932 uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
7933 Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U,
7934 int16_t));
7935 uint8_t result[24U] = {0U};
7936 result[0U] = r0_2.fst;
7937 result[1U] = r0_2.snd;
7938 result[2U] = r0_2.thd;
7939 result[3U] = r3_5.fst;
7940 result[4U] = r3_5.snd;
7941 result[5U] = r3_5.thd;
7942 result[6U] = r6_8.fst;
7943 result[7U] = r6_8.snd;
7944 result[8U] = r6_8.thd;
7945 result[9U] = r9_11.fst;
7946 result[10U] = r9_11.snd;
7947 result[11U] = r9_11.thd;
7948 result[12U] = r12_14.fst;
7949 result[13U] = r12_14.snd;
7950 result[14U] = r12_14.thd;
7951 result[15U] = r15_17.fst;
7952 result[16U] = r15_17.snd;
7953 result[17U] = r15_17.thd;
7954 result[18U] = r18_20.fst;
7955 result[19U] = r18_20.snd;
7956 result[20U] = r18_20.thd;
7957 result[21U] = r21_23.fst;
7958 result[22U] = r21_23.snd;
7959 result[23U] = r21_23.thd;
7960 memcpy(ret, result, (size_t)24U * sizeof(uint8_t));
7961 }
7962
7963 /**
7964 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
7965 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
7966 */
libcrux_ml_kem_vector_portable_serialize_12_0d(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,uint8_t ret[24U])7967 static inline void libcrux_ml_kem_vector_portable_serialize_12_0d(
7968 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
7969 uint8_t ret[24U]) {
7970 libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
7971 }
7972
7973 typedef struct int16_t_x2_s {
7974 int16_t fst;
7975 int16_t snd;
7976 } int16_t_x2;
7977
7978 static KRML_MUSTINLINE int16_t_x2
libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(Eurydice_slice bytes)7979 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
7980 Eurydice_slice bytes) {
7981 int16_t byte0 =
7982 (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *);
7983 int16_t byte1 =
7984 (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *);
7985 int16_t byte2 =
7986 (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *);
7987 int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255);
7988 int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15);
7989 return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1});
7990 }
7991
7992 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes)7993 libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
7994 int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
7995 Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t));
7996 int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
7997 Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t));
7998 int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
7999 Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t));
8000 int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8001 Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t));
8002 int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8003 Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t));
8004 int16_t_x2 v10_11 =
8005 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8006 Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t));
8007 int16_t_x2 v12_13 =
8008 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8009 Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t));
8010 int16_t_x2 v14_15 =
8011 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
8012 Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t));
8013 libcrux_ml_kem_vector_portable_vector_type_PortableVector re =
8014 libcrux_ml_kem_vector_portable_vector_type_zero();
8015 re.elements[0U] = v0_1.fst;
8016 re.elements[1U] = v0_1.snd;
8017 re.elements[2U] = v2_3.fst;
8018 re.elements[3U] = v2_3.snd;
8019 re.elements[4U] = v4_5.fst;
8020 re.elements[5U] = v4_5.snd;
8021 re.elements[6U] = v6_7.fst;
8022 re.elements[7U] = v6_7.snd;
8023 re.elements[8U] = v8_9.fst;
8024 re.elements[9U] = v8_9.snd;
8025 re.elements[10U] = v10_11.fst;
8026 re.elements[11U] = v10_11.snd;
8027 re.elements[12U] = v12_13.fst;
8028 re.elements[13U] = v12_13.snd;
8029 re.elements[14U] = v14_15.fst;
8030 re.elements[15U] = v14_15.snd;
8031 return re;
8032 }
8033
8034 /**
8035 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8036 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8037 */
8038 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a)8039 libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
8040 return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
8041 }
8042
8043 static KRML_MUSTINLINE size_t
libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a,Eurydice_slice result)8044 libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a,
8045 Eurydice_slice result) {
8046 size_t sampled = (size_t)0U;
8047 for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U;
8048 i++) {
8049 size_t i0 = i;
8050 int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U,
8051 uint8_t, uint8_t *);
8052 int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U,
8053 uint8_t, uint8_t *);
8054 int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U,
8055 uint8_t, uint8_t *);
8056 int16_t d1 = (b2 & (int16_t)15) << 8U | b1;
8057 int16_t d2 = b3 << 4U | b2 >> 4U;
8058 bool uu____0;
8059 int16_t uu____1;
8060 bool uu____2;
8061 size_t uu____3;
8062 int16_t uu____4;
8063 size_t uu____5;
8064 int16_t uu____6;
8065 if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) {
8066 if (sampled < (size_t)16U) {
8067 Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1;
8068 sampled++;
8069 uu____1 = d2;
8070 uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8071 uu____0 = uu____1 < uu____6;
8072 if (uu____0) {
8073 uu____3 = sampled;
8074 uu____2 = uu____3 < (size_t)16U;
8075 if (uu____2) {
8076 uu____4 = d2;
8077 uu____5 = sampled;
8078 Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4;
8079 sampled++;
8080 continue;
8081 }
8082 }
8083 continue;
8084 }
8085 }
8086 uu____1 = d2;
8087 uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8088 uu____0 = uu____1 < uu____6;
8089 if (uu____0) {
8090 uu____3 = sampled;
8091 uu____2 = uu____3 < (size_t)16U;
8092 if (uu____2) {
8093 uu____4 = d2;
8094 uu____5 = sampled;
8095 Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4;
8096 sampled++;
8097 continue;
8098 }
8099 }
8100 }
8101 return sampled;
8102 }
8103
8104 /**
8105 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8106 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8107 */
libcrux_ml_kem_vector_portable_rej_sample_0d(Eurydice_slice a,Eurydice_slice out)8108 static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d(
8109 Eurydice_slice a, Eurydice_slice out) {
8110 return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out);
8111 }
8112
8113 #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U)
8114
8115 #define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \
8116 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8117 LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U)
8118
8119 #define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U)
8120
8121 #define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \
8122 (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768)
8123
8124 #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U)
8125
8126 #define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \
8127 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8128 LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U)
8129
8130 #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \
8131 (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768)
8132
8133 #define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \
8134 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \
8135 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8136 LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)
8137
8138 #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \
8139 (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U)
8140
8141 #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \
8142 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \
8143 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
8144 LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)
8145
8146 #define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U)
8147
8148 #define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \
8149 (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U)
8150
8151 #define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U)
8152
8153 #define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \
8154 (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U)
8155
8156 #define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \
8157 (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \
8158 LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768)
8159
8160 typedef libcrux_ml_kem_types_MlKemPrivateKey_55
8161 libcrux_ml_kem_mlkem768_MlKem768PrivateKey;
8162
8163 typedef libcrux_ml_kem_types_MlKemPublicKey_15
8164 libcrux_ml_kem_mlkem768_MlKem768PublicKey;
8165
8166 #define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \
8167 (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \
8168 LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)
8169
8170 #define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \
8171 (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \
8172 LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \
8173 LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \
8174 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
8175
8176 /**
8177 A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
8178 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8179
8180 */
8181 typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s {
8182 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
8183 } libcrux_ml_kem_polynomial_PolynomialRingElement_f0;
8184
8185 /**
8186 This function found in impl
8187 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8188 */
8189 /**
8190 A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89
8191 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8192 with const generics
8193
8194 */
8195 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_ZERO_89_ea(void)8196 libcrux_ml_kem_polynomial_ZERO_89_ea(void) {
8197 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
8198 lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8199 lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8200 lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8201 lit.coefficients[3U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8202 lit.coefficients[4U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8203 lit.coefficients[5U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8204 lit.coefficients[6U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8205 lit.coefficients[7U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8206 lit.coefficients[8U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8207 lit.coefficients[9U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8208 lit.coefficients[10U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8209 lit.coefficients[11U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8210 lit.coefficients[12U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8211 lit.coefficients[13U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8212 lit.coefficients[14U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8213 lit.coefficients[15U] = libcrux_ml_kem_vector_portable_ZERO_0d();
8214 return lit;
8215 }
8216
8217 /**
8218 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure
8219 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8220 with const generics
8221 - K= 3
8222 */
8223 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _)8224 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _) {
8225 return libcrux_ml_kem_polynomial_ZERO_89_ea();
8226 }
8227
8228 /**
8229 A monomorphic instance of
8230 libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types
8231 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8232
8233 */
8234 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af(Eurydice_slice serialized)8235 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af(
8236 Eurydice_slice serialized) {
8237 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8238 libcrux_ml_kem_polynomial_ZERO_89_ea();
8239 for (size_t i = (size_t)0U;
8240 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
8241 size_t i0 = i;
8242 Eurydice_slice bytes = Eurydice_slice_subslice2(
8243 serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
8244 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8245 libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
8246 re.coefficients[i0] = uu____0;
8247 }
8248 return re;
8249 }
8250
8251 /**
8252 Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
8253 */
8254 /**
8255 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key
8256 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8257 with const generics
8258 - K= 3
8259 */
libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(Eurydice_slice secret_key,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])8260 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(
8261 Eurydice_slice secret_key,
8262 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
8263 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
8264 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
8265 secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
8266 }
8267 for (size_t i = (size_t)0U;
8268 i < Eurydice_slice_len(secret_key, uint8_t) /
8269 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
8270 i++) {
8271 size_t i0 = i;
8272 Eurydice_slice secret_bytes = Eurydice_slice_subslice2(
8273 secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
8274 i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
8275 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
8276 uint8_t);
8277 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
8278 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af(
8279 secret_bytes);
8280 secret_as_ntt[i0] = uu____0;
8281 }
8282 memcpy(
8283 ret, secret_as_ntt,
8284 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
8285 }
8286
8287 /**
8288 A monomorphic instance of
8289 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
8290 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8291 - $3size_t
8292 */
8293 typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s {
8294 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
8295 } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8;
8296
8297 /**
8298 A monomorphic instance of
8299 libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types
8300 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8301 - K= 3
8302 - CIPHERTEXT_SIZE= 1088
8303 - U_COMPRESSION_FACTOR= 10
8304 */
8305 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _)8306 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _) {
8307 return libcrux_ml_kem_polynomial_ZERO_89_ea();
8308 }
8309
8310 /**
8311 A monomorphic instance of
8312 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8313 const generics
8314 - COEFFICIENT_BITS= 10
8315 */
8316 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8317 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b(
8318 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8319 for (size_t i = (size_t)0U;
8320 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8321 size_t i0 = i;
8322 int32_t decompressed = (int32_t)v.elements[i0] *
8323 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8324 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10);
8325 decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1);
8326 v.elements[i0] = (int16_t)decompressed;
8327 }
8328 return v;
8329 }
8330
8331 /**
8332 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8333 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8334 */
8335 /**
8336 A monomorphic instance of
8337 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8338 generics
8339 - COEFFICIENT_BITS= 10
8340 */
8341 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8342 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a(
8343 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8344 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b(
8345 v);
8346 }
8347
8348 /**
8349 A monomorphic instance of
8350 libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
8351 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8352
8353 */
8354 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(Eurydice_slice serialized)8355 libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(
8356 Eurydice_slice serialized) {
8357 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8358 libcrux_ml_kem_polynomial_ZERO_89_ea();
8359 for (size_t i = (size_t)0U;
8360 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) {
8361 size_t i0 = i;
8362 Eurydice_slice bytes = Eurydice_slice_subslice2(
8363 serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
8364 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
8365 libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
8366 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8367 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a(
8368 coefficient);
8369 re.coefficients[i0] = uu____0;
8370 }
8371 return re;
8372 }
8373
8374 /**
8375 A monomorphic instance of
8376 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8377 const generics
8378 - COEFFICIENT_BITS= 11
8379 */
8380 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8381 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0(
8382 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8383 for (size_t i = (size_t)0U;
8384 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8385 size_t i0 = i;
8386 int32_t decompressed = (int32_t)v.elements[i0] *
8387 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8388 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)11);
8389 decompressed = decompressed >> (uint32_t)((int32_t)11 + (int32_t)1);
8390 v.elements[i0] = (int16_t)decompressed;
8391 }
8392 return v;
8393 }
8394
8395 /**
8396 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8397 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8398 */
8399 /**
8400 A monomorphic instance of
8401 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8402 generics
8403 - COEFFICIENT_BITS= 11
8404 */
8405 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8406 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0(
8407 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8408 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b0(
8409 v);
8410 }
8411
8412 /**
8413 A monomorphic instance of
8414 libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types
8415 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8416
8417 */
8418 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d(Eurydice_slice serialized)8419 libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d(
8420 Eurydice_slice serialized) {
8421 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8422 libcrux_ml_kem_polynomial_ZERO_89_ea();
8423 for (size_t i = (size_t)0U;
8424 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
8425 size_t i0 = i;
8426 Eurydice_slice bytes = Eurydice_slice_subslice2(
8427 serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
8428 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
8429 libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
8430 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8431 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a0(
8432 coefficient);
8433 re.coefficients[i0] = uu____0;
8434 }
8435 return re;
8436 }
8437
8438 /**
8439 A monomorphic instance of
8440 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
8441 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8442 - COMPRESSION_FACTOR= 10
8443 */
8444 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34(Eurydice_slice serialized)8445 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34(
8446 Eurydice_slice serialized) {
8447 return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(serialized);
8448 }
8449
8450 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
8451 libcrux_ml_kem_vector_portable_vector_type_PortableVector fst;
8452 libcrux_ml_kem_vector_portable_vector_type_PortableVector snd;
8453 } libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2;
8454
8455 /**
8456 A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe
8457 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8458 with const generics
8459
8460 */
8461 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(libcrux_ml_kem_vector_portable_vector_type_PortableVector v,int16_t fer)8462 libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(
8463 libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) {
8464 return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v,
8465 fer);
8466 }
8467
8468 /**
8469 A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step
8470 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8471 with const generics
8472
8473 */
8474 static KRML_MUSTINLINE
8475 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,libcrux_ml_kem_vector_portable_vector_type_PortableVector b,int16_t zeta_r)8476 libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c(
8477 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
8478 libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
8479 int16_t zeta_r) {
8480 libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
8481 libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(b, zeta_r);
8482 b = libcrux_ml_kem_vector_portable_sub_0d(a, &t);
8483 a = libcrux_ml_kem_vector_portable_add_0d(a, &t);
8484 return (
8485 CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
8486 .fst = a, .snd = b});
8487 }
8488
8489 /**
8490 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus
8491 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8492 with const generics
8493
8494 */
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t layer,size_t _initial_coefficient_bound)8495 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(
8496 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8497 size_t layer, size_t _initial_coefficient_bound) {
8498 size_t step = (size_t)1U << (uint32_t)layer;
8499 for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
8500 size_t round = i0;
8501 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8502 size_t offset = round * step * (size_t)2U;
8503 size_t offset_vec = offset / (size_t)16U;
8504 size_t step_vec = step / (size_t)16U;
8505 for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
8506 size_t j = i;
8507 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
8508 libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0c(
8509 re->coefficients[j], re->coefficients[j + step_vec],
8510 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
8511 libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
8512 libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
8513 re->coefficients[j] = x;
8514 re->coefficients[j + step_vec] = y;
8515 }
8516 }
8517 }
8518
8519 /**
8520 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3
8521 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8522 with const generics
8523
8524 */
libcrux_ml_kem_ntt_ntt_at_layer_3_fd(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer,size_t _initial_coefficient_bound)8525 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_fd(
8526 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8527 size_t _layer, size_t _initial_coefficient_bound) {
8528 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8529 size_t round = i;
8530 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8531 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8532 libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d(
8533 re->coefficients[round],
8534 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
8535 re->coefficients[round] = uu____0;
8536 }
8537 }
8538
8539 /**
8540 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2
8541 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8542 with const generics
8543
8544 */
libcrux_ml_kem_ntt_ntt_at_layer_2_ad(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer,size_t _initial_coefficient_bound)8545 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ad(
8546 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8547 size_t _layer, size_t _initial_coefficient_bound) {
8548 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8549 size_t round = i;
8550 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8551 re->coefficients[round] =
8552 libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d(
8553 re->coefficients[round],
8554 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8555 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8556 (size_t)1U]);
8557 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8558 }
8559 }
8560
8561 /**
8562 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1
8563 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8564 with const generics
8565
8566 */
libcrux_ml_kem_ntt_ntt_at_layer_1_a2(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer,size_t _initial_coefficient_bound)8567 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_a2(
8568 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8569 size_t _layer, size_t _initial_coefficient_bound) {
8570 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8571 size_t round = i;
8572 zeta_i[0U] = zeta_i[0U] + (size_t)1U;
8573 re->coefficients[round] =
8574 libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d(
8575 re->coefficients[round],
8576 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8577 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8578 (size_t)1U],
8579 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8580 (size_t)2U],
8581 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
8582 (size_t)3U]);
8583 zeta_i[0U] = zeta_i[0U] + (size_t)3U;
8584 }
8585 }
8586
8587 /**
8588 This function found in impl
8589 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8590 */
8591 /**
8592 A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89
8593 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8594 with const generics
8595
8596 */
libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self)8597 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(
8598 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
8599 for (size_t i = (size_t)0U;
8600 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
8601 size_t i0 = i;
8602 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8603 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
8604 self->coefficients[i0]);
8605 self->coefficients[i0] = uu____0;
8606 }
8607 }
8608
8609 /**
8610 A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u
8611 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8612 with const generics
8613 - VECTOR_U_COMPRESSION_FACTOR= 10
8614 */
libcrux_ml_kem_ntt_ntt_vector_u_9f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)8615 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9f(
8616 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
8617 size_t zeta_i = (size_t)0U;
8618 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U,
8619 (size_t)3328U);
8620 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U,
8621 (size_t)3328U);
8622 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U,
8623 (size_t)3328U);
8624 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U,
8625 (size_t)3328U);
8626 libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3328U);
8627 libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3328U);
8628 libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3328U);
8629 libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re);
8630 }
8631
8632 /**
8633 Call [`deserialize_then_decompress_ring_element_u`] on each ring element
8634 in the `ciphertext`.
8635 */
8636 /**
8637 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
8638 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8639 with const generics
8640 - K= 3
8641 - CIPHERTEXT_SIZE= 1088
8642 - U_COMPRESSION_FACTOR= 10
8643 */
8644 static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(uint8_t * ciphertext,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])8645 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(
8646 uint8_t *ciphertext,
8647 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
8648 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
8649 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
8650 u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
8651 }
8652 for (size_t i = (size_t)0U;
8653 i < Eurydice_slice_len(
8654 Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t),
8655 uint8_t) /
8656 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8657 (size_t)10U / (size_t)8U);
8658 i++) {
8659 size_t i0 = i;
8660 Eurydice_slice u_bytes = Eurydice_array_to_subslice2(
8661 ciphertext,
8662 i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8663 (size_t)10U / (size_t)8U),
8664 i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8665 (size_t)10U / (size_t)8U) +
8666 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
8667 (size_t)10U / (size_t)8U,
8668 uint8_t);
8669 u_as_ntt[i0] =
8670 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34(
8671 u_bytes);
8672 libcrux_ml_kem_ntt_ntt_vector_u_9f(&u_as_ntt[i0]);
8673 }
8674 memcpy(
8675 ret, u_as_ntt,
8676 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
8677 }
8678
8679 /**
8680 A monomorphic instance of
8681 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8682 const generics
8683 - COEFFICIENT_BITS= 4
8684 */
8685 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8686 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1(
8687 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8688 for (size_t i = (size_t)0U;
8689 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8690 size_t i0 = i;
8691 int32_t decompressed = (int32_t)v.elements[i0] *
8692 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8693 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4);
8694 decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1);
8695 v.elements[i0] = (int16_t)decompressed;
8696 }
8697 return v;
8698 }
8699
8700 /**
8701 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8702 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8703 */
8704 /**
8705 A monomorphic instance of
8706 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8707 generics
8708 - COEFFICIENT_BITS= 4
8709 */
8710 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8711 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1(
8712 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8713 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b1(
8714 v);
8715 }
8716
8717 /**
8718 A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4
8719 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8720 with const generics
8721
8722 */
8723 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(Eurydice_slice serialized)8724 libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(
8725 Eurydice_slice serialized) {
8726 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8727 libcrux_ml_kem_polynomial_ZERO_89_ea();
8728 for (size_t i = (size_t)0U;
8729 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
8730 size_t i0 = i;
8731 Eurydice_slice bytes = Eurydice_slice_subslice2(
8732 serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
8733 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
8734 libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
8735 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8736 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a1(
8737 coefficient);
8738 re.coefficients[i0] = uu____0;
8739 }
8740 return re;
8741 }
8742
8743 /**
8744 A monomorphic instance of
8745 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
8746 const generics
8747 - COEFFICIENT_BITS= 5
8748 */
8749 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8750 libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2(
8751 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8752 for (size_t i = (size_t)0U;
8753 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
8754 size_t i0 = i;
8755 int32_t decompressed = (int32_t)v.elements[i0] *
8756 (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS;
8757 decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)5);
8758 decompressed = decompressed >> (uint32_t)((int32_t)5 + (int32_t)1);
8759 v.elements[i0] = (int16_t)decompressed;
8760 }
8761 return v;
8762 }
8763
8764 /**
8765 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
8766 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
8767 */
8768 /**
8769 A monomorphic instance of
8770 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_0d with const
8771 generics
8772 - COEFFICIENT_BITS= 5
8773 */
8774 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)8775 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2(
8776 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
8777 return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_6b2(
8778 v);
8779 }
8780
8781 /**
8782 A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5
8783 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8784 with const generics
8785
8786 */
8787 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e(Eurydice_slice serialized)8788 libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e(
8789 Eurydice_slice serialized) {
8790 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
8791 libcrux_ml_kem_polynomial_ZERO_89_ea();
8792 for (size_t i = (size_t)0U;
8793 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
8794 size_t i0 = i;
8795 Eurydice_slice bytes = Eurydice_slice_subslice2(
8796 serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
8797 re.coefficients[i0] =
8798 libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
8799 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
8800 libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_5a2(
8801 re.coefficients[i0]);
8802 re.coefficients[i0] = uu____1;
8803 }
8804 return re;
8805 }
8806
8807 /**
8808 A monomorphic instance of
8809 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
8810 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8811 - COMPRESSION_FACTOR= 4
8812 */
8813 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56(Eurydice_slice serialized)8814 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56(
8815 Eurydice_slice serialized) {
8816 return libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(serialized);
8817 }
8818
8819 /**
8820 Given two `KyberPolynomialRingElement`s in their NTT representations,
8821 compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`,
8822 the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation:
8823
8824 ```plaintext
8825 ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X²
8826 - ζ^(2·BitRev₇(i) + 1))
8827 ```
8828
8829 This function almost implements <strong>Algorithm 10</strong> of the
8830 NIST FIPS 203 standard, which is reproduced below:
8831
8832 ```plaintext
8833 Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆.
8834 Output: An array ĥ ∈ ℤq.
8835
8836 for(i ← 0; i < 128; i++)
8837 (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1],
8838 ζ^(2·BitRev₇(i) + 1)) end for return ĥ
8839 ```
8840 We say "almost" because the coefficients of the ring element output by
8841 this function are in the Montgomery domain.
8842
8843 The NIST FIPS 203 standard can be found at
8844 <https://csrc.nist.gov/pubs/fips/203/ipd>.
8845 */
8846 /**
8847 This function found in impl
8848 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8849 */
8850 /**
8851 A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89
8852 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8853 with const generics
8854
8855 */
8856 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_ntt_multiply_89_2a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * rhs)8857 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(
8858 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
8859 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
8860 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out =
8861 libcrux_ml_kem_polynomial_ZERO_89_ea();
8862 for (size_t i = (size_t)0U;
8863 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
8864 size_t i0 = i;
8865 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8866 libcrux_ml_kem_vector_portable_ntt_multiply_0d(
8867 &self->coefficients[i0], &rhs->coefficients[i0],
8868 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8869 (size_t)4U * i0],
8870 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8871 (size_t)4U * i0 +
8872 (size_t)1U],
8873 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8874 (size_t)4U * i0 +
8875 (size_t)2U],
8876 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U +
8877 (size_t)4U * i0 +
8878 (size_t)3U]);
8879 out.coefficients[i0] = uu____0;
8880 }
8881 return out;
8882 }
8883
8884 /**
8885 Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
8886 sum of their constituent coefficients.
8887 */
8888 /**
8889 This function found in impl
8890 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
8891 */
8892 /**
8893 A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89
8894 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8895 with const generics
8896 - K= 3
8897 */
libcrux_ml_kem_polynomial_add_to_ring_element_89_84(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * rhs)8898 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_84(
8899 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
8900 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
8901 for (size_t i = (size_t)0U;
8902 i < Eurydice_slice_len(
8903 Eurydice_array_to_slice(
8904 (size_t)16U, self->coefficients,
8905 libcrux_ml_kem_vector_portable_vector_type_PortableVector),
8906 libcrux_ml_kem_vector_portable_vector_type_PortableVector);
8907 i++) {
8908 size_t i0 = i;
8909 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8910 libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
8911 &rhs->coefficients[i0]);
8912 self->coefficients[i0] = uu____0;
8913 }
8914 }
8915
8916 /**
8917 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1
8918 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8919 with const generics
8920
8921 */
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer)8922 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(
8923 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8924 size_t _layer) {
8925 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8926 size_t round = i;
8927 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8928 re->coefficients[round] =
8929 libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d(
8930 re->coefficients[round],
8931 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8932 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8933 (size_t)1U],
8934 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8935 (size_t)2U],
8936 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8937 (size_t)3U]);
8938 zeta_i[0U] = zeta_i[0U] - (size_t)3U;
8939 }
8940 }
8941
8942 /**
8943 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2
8944 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8945 with const generics
8946
8947 */
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer)8948 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(
8949 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8950 size_t _layer) {
8951 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8952 size_t round = i;
8953 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8954 re->coefficients[round] =
8955 libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d(
8956 re->coefficients[round],
8957 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
8958 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] -
8959 (size_t)1U]);
8960 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8961 }
8962 }
8963
8964 /**
8965 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3
8966 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8967 with const generics
8968
8969 */
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t _layer)8970 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(
8971 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
8972 size_t _layer) {
8973 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
8974 size_t round = i;
8975 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
8976 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
8977 libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
8978 re->coefficients[round],
8979 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
8980 re->coefficients[round] = uu____0;
8981 }
8982 }
8983
8984 /**
8985 A monomorphic instance of
8986 libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types
8987 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8988
8989 */
8990 static KRML_MUSTINLINE
8991 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65(libcrux_ml_kem_vector_portable_vector_type_PortableVector a,libcrux_ml_kem_vector_portable_vector_type_PortableVector b,int16_t zeta_r)8992 libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65(
8993 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
8994 libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
8995 int16_t zeta_r) {
8996 libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b =
8997 libcrux_ml_kem_vector_portable_sub_0d(b, &a);
8998 a = libcrux_ml_kem_vector_portable_barrett_reduce_0d(
8999 libcrux_ml_kem_vector_portable_add_0d(a, &b));
9000 b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_67(a_minus_b, zeta_r);
9001 return (
9002 CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){
9003 .fst = a, .snd = b});
9004 }
9005
9006 /**
9007 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus
9008 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9009 with const generics
9010
9011 */
9012 static KRML_MUSTINLINE void
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(size_t * zeta_i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,size_t layer)9013 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(
9014 size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
9015 size_t layer) {
9016 size_t step = (size_t)1U << (uint32_t)layer;
9017 for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
9018 size_t round = i0;
9019 zeta_i[0U] = zeta_i[0U] - (size_t)1U;
9020 size_t offset = round * step * (size_t)2U;
9021 size_t offset_vec =
9022 offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
9023 size_t step_vec =
9024 step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
9025 for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
9026 size_t j = i;
9027 libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
9028 libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65(
9029 re->coefficients[j], re->coefficients[j + step_vec],
9030 libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
9031 libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
9032 libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd;
9033 re->coefficients[j] = x;
9034 re->coefficients[j + step_vec] = y;
9035 }
9036 }
9037 }
9038
9039 /**
9040 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery
9041 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9042 with const generics
9043 - K= 3
9044 */
libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)9045 static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(
9046 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
9047 size_t zeta_i =
9048 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
9049 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U);
9050 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(&zeta_i, re, (size_t)2U);
9051 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(&zeta_i, re, (size_t)3U);
9052 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9053 (size_t)4U);
9054 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9055 (size_t)5U);
9056 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9057 (size_t)6U);
9058 libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re,
9059 (size_t)7U);
9060 libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re);
9061 }
9062
9063 /**
9064 This function found in impl
9065 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
9066 */
9067 /**
9068 A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89
9069 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9070 with const generics
9071
9072 */
9073 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_subtract_reduce_89_d4(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b)9074 libcrux_ml_kem_polynomial_subtract_reduce_89_d4(
9075 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
9076 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
9077 for (size_t i = (size_t)0U;
9078 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
9079 size_t i0 = i;
9080 libcrux_ml_kem_vector_portable_vector_type_PortableVector
9081 coefficient_normal_form =
9082 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
9083 b.coefficients[i0], (int16_t)1441);
9084 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
9085 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
9086 libcrux_ml_kem_vector_portable_sub_0d(self->coefficients[i0],
9087 &coefficient_normal_form));
9088 b.coefficients[i0] = uu____0;
9089 }
9090 return b;
9091 }
9092
9093 /**
9094 The following functions compute various expressions involving
9095 vectors and matrices. The computation of these expressions has been
9096 abstracted away into these functions in order to save on loop iterations.
9097 Compute v − InverseNTT(sᵀ ◦ NTT(u))
9098 */
9099 /**
9100 A monomorphic instance of libcrux_ml_kem.matrix.compute_message
9101 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9102 with const generics
9103 - K= 3
9104 */
9105 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_message_b3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * v,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * secret_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * u_as_ntt)9106 libcrux_ml_kem_matrix_compute_message_b3(
9107 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
9108 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
9109 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
9110 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
9111 libcrux_ml_kem_polynomial_ZERO_89_ea();
9112 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9113 size_t i0 = i;
9114 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
9115 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&secret_as_ntt[i0],
9116 &u_as_ntt[i0]);
9117 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product);
9118 }
9119 libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result);
9120 result = libcrux_ml_kem_polynomial_subtract_reduce_89_d4(v, result);
9121 return result;
9122 }
9123
9124 /**
9125 A monomorphic instance of libcrux_ml_kem.vector.portable.arithmetic.shift_right
9126 with const generics
9127 - SHIFT_BY= 15
9128 */
9129 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)9130 libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(
9131 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
9132 for (size_t i = (size_t)0U;
9133 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
9134 size_t i0 = i;
9135 v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15;
9136 }
9137 return v;
9138 }
9139
9140 /**
9141 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
9142 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
9143 */
9144 /**
9145 A monomorphic instance of libcrux_ml_kem.vector.portable.shift_right_0d
9146 with const generics
9147 - SHIFT_BY= 15
9148 */
9149 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_shift_right_0d_19(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)9150 libcrux_ml_kem_vector_portable_shift_right_0d_19(
9151 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
9152 return libcrux_ml_kem_vector_portable_arithmetic_shift_right_94(v);
9153 }
9154
9155 /**
9156 A monomorphic instance of
9157 libcrux_ml_kem.vector.traits.to_unsigned_representative with types
9158 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9159
9160 */
9161 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_to_unsigned_representative_db(libcrux_ml_kem_vector_portable_vector_type_PortableVector a)9162 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
9163 libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
9164 libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
9165 libcrux_ml_kem_vector_portable_shift_right_0d_19(a);
9166 libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
9167 libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
9168 t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
9169 return libcrux_ml_kem_vector_portable_add_0d(a, &fm);
9170 }
9171
9172 /**
9173 A monomorphic instance of
9174 libcrux_ml_kem.serialize.compress_then_serialize_message with types
9175 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9176
9177 */
9178 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_message_aa(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,uint8_t ret[32U])9179 libcrux_ml_kem_serialize_compress_then_serialize_message_aa(
9180 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
9181 uint8_t serialized[32U] = {0U};
9182 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
9183 size_t i0 = i;
9184 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
9185 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
9186 re.coefficients[i0]);
9187 libcrux_ml_kem_vector_portable_vector_type_PortableVector
9188 coefficient_compressed =
9189 libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
9190 uint8_t bytes[2U];
9191 libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed,
9192 bytes);
9193 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
9194 serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t);
9195 Eurydice_slice_copy(
9196 uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);
9197 }
9198 memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
9199 }
9200
9201 /**
9202 This function implements <strong>Algorithm 14</strong> of the
9203 NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
9204
9205 Algorithm 14 is reproduced below:
9206
9207 ```plaintext
9208 Input: decryption key dkₚₖₑ ∈ ��^{384k}.
9209 Input: ciphertext c ∈ ��^{32(dᵤk + dᵥ)}.
9210 Output: message m ∈ ��^{32}.
9211
9212 c₁ ← c[0 : 32dᵤk]
9213 c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
9214 u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
9215 v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
9216 ŝ ← ByteDecode₁₂(dkₚₖₑ)
9217 w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
9218 m ← ByteEncode₁(Compress₁(w))
9219 return m
9220 ```
9221
9222 The NIST FIPS 203 standard can be found at
9223 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9224 */
9225 /**
9226 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
9227 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9228 with const generics
9229 - K= 3
9230 - CIPHERTEXT_SIZE= 1088
9231 - VECTOR_U_ENCODED_SIZE= 960
9232 - U_COMPRESSION_FACTOR= 10
9233 - V_COMPRESSION_FACTOR= 4
9234 */
libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 * secret_key,uint8_t * ciphertext,uint8_t ret[32U])9235 static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
9236 libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key,
9237 uint8_t *ciphertext, uint8_t ret[32U]) {
9238 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
9239 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(ciphertext, u_as_ntt);
9240 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
9241 libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56(
9242 Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
9243 (size_t)960U, uint8_t, size_t));
9244 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
9245 libcrux_ml_kem_matrix_compute_message_b3(&v, secret_key->secret_as_ntt,
9246 u_as_ntt);
9247 uint8_t ret0[32U];
9248 libcrux_ml_kem_serialize_compress_then_serialize_message_aa(message, ret0);
9249 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
9250 }
9251
9252 /**
9253 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt
9254 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9255 with const generics
9256 - K= 3
9257 - CIPHERTEXT_SIZE= 1088
9258 - VECTOR_U_ENCODED_SIZE= 960
9259 - U_COMPRESSION_FACTOR= 10
9260 - V_COMPRESSION_FACTOR= 4
9261 */
libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key,uint8_t * ciphertext,uint8_t ret[32U])9262 static inline void libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key,
9263 uint8_t *ciphertext,
9264 uint8_t ret[32U]) {
9265 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
9266 libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(secret_key, secret_as_ntt);
9267 /* Passing arrays by value in Rust generates a copy in C */
9268 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
9269 memcpy(
9270 copy_of_secret_as_ntt, secret_as_ntt,
9271 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9272 libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8
9273 secret_key_unpacked;
9274 memcpy(
9275 secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
9276 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9277 uint8_t ret0[32U];
9278 libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext,
9279 ret0);
9280 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
9281 }
9282
9283 /**
9284 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9285 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9286 */
9287 /**
9288 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1
9289 with const generics
9290 - K= 3
9291 */
libcrux_ml_kem_hash_functions_portable_G_f1_e4(Eurydice_slice input,uint8_t ret[64U])9292 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e4(
9293 Eurydice_slice input, uint8_t ret[64U]) {
9294 libcrux_ml_kem_hash_functions_portable_G(input, ret);
9295 }
9296
9297 /**
9298 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
9299 with const generics
9300 - LEN= 32
9301 */
libcrux_ml_kem_hash_functions_portable_PRF_2b(Eurydice_slice input,uint8_t ret[32U])9302 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b(
9303 Eurydice_slice input, uint8_t ret[32U]) {
9304 uint8_t digest[32U] = {0U};
9305 libcrux_sha3_portable_shake256(
9306 Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input);
9307 memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
9308 }
9309
9310 /**
9311 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9312 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9313 */
9314 /**
9315 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1
9316 with const generics
9317 - K= 3
9318 - LEN= 32
9319 */
libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(Eurydice_slice input,uint8_t ret[32U])9320 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
9321 Eurydice_slice input, uint8_t ret[32U]) {
9322 libcrux_ml_kem_hash_functions_portable_PRF_2b(input, ret);
9323 }
9324
9325 /**
9326 A monomorphic instance of
9327 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types
9328 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9329 - PUBLIC_KEY_SIZE= 1152
9330 - K= 3
9331 */
9332 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd(size_t _i)9333 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd(
9334 size_t _i) {
9335 return libcrux_ml_kem_polynomial_ZERO_89_ea();
9336 }
9337
9338 /**
9339 Only use with public values.
9340
9341 This MUST NOT be used with secret inputs, like its caller
9342 `deserialize_ring_elements_reduced`.
9343 */
9344 /**
9345 A monomorphic instance of
9346 libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
9347 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9348
9349 */
9350 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(Eurydice_slice serialized)9351 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(
9352 Eurydice_slice serialized) {
9353 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
9354 libcrux_ml_kem_polynomial_ZERO_89_ea();
9355 for (size_t i = (size_t)0U;
9356 i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
9357 size_t i0 = i;
9358 Eurydice_slice bytes = Eurydice_slice_subslice2(
9359 serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t);
9360 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
9361 libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes);
9362 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
9363 libcrux_ml_kem_vector_portable_cond_subtract_3329_0d(coefficient);
9364 re.coefficients[i0] = uu____0;
9365 }
9366 return re;
9367 }
9368
9369 /**
9370 This function deserializes ring elements and reduces the result by the field
9371 modulus.
9372
9373 This function MUST NOT be used on secret inputs.
9374 */
9375 /**
9376 A monomorphic instance of
9377 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
9378 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9379 - PUBLIC_KEY_SIZE= 1152
9380 - K= 3
9381 */
9382 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33(Eurydice_slice public_key,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])9383 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33(
9384 Eurydice_slice public_key,
9385 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
9386 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
9387 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9388 deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
9389 }
9390 for (size_t i = (size_t)0U;
9391 i < Eurydice_slice_len(public_key, uint8_t) /
9392 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
9393 i++) {
9394 size_t i0 = i;
9395 Eurydice_slice ring_element = Eurydice_slice_subslice2(
9396 public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
9397 i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
9398 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
9399 uint8_t);
9400 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
9401 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(
9402 ring_element);
9403 deserialized_pk[i0] = uu____0;
9404 }
9405 memcpy(
9406 ret, deserialized_pk,
9407 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9408 }
9409
9410 /**
9411 A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure
9412 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9413 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9414 generics
9415 - K= 3
9416 */
9417 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_78(size_t _j)9418 libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_78(size_t _j) {
9419 return libcrux_ml_kem_polynomial_ZERO_89_ea();
9420 }
9421
9422 /**
9423 A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure
9424 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9425 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9426 generics
9427 - K= 3
9428 */
libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(size_t _i,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])9429 static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(
9430 size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
9431 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9432 ret[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
9433 }
9434 }
9435
9436 /**
9437 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
9438 with const generics
9439 - $3size_t
9440 */
9441 typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_58_s {
9442 libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
9443 } libcrux_ml_kem_hash_functions_portable_PortableHash_58;
9444
9445 /**
9446 A monomorphic instance of
9447 libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics
9448 - K= 3
9449 */
9450 static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7(uint8_t input[3U][34U])9451 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7(
9452 uint8_t input[3U][34U]) {
9453 libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U];
9454 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9455 shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();
9456 }
9457 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9458 size_t i0 = i;
9459 libcrux_sha3_portable_incremental_shake128_absorb_final(
9460 &shake128_state[i0],
9461 Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));
9462 }
9463 /* Passing arrays by value in Rust generates a copy in C */
9464 libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U];
9465 memcpy(copy_of_shake128_state, shake128_state,
9466 (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
9467 libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit;
9468 memcpy(lit.shake128_state, copy_of_shake128_state,
9469 (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48));
9470 return lit;
9471 }
9472
9473 /**
9474 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9475 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9476 */
9477 /**
9478 A monomorphic instance of
9479 libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const
9480 generics
9481 - K= 3
9482 */
9483 static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c(uint8_t input[3U][34U])9484 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c(
9485 uint8_t input[3U][34U]) {
9486 /* Passing arrays by value in Rust generates a copy in C */
9487 uint8_t copy_of_input[3U][34U];
9488 memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U]));
9489 return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7(
9490 copy_of_input);
9491 }
9492
9493 /**
9494 A monomorphic instance of
9495 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const
9496 generics
9497 - K= 3
9498 */
9499 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * st,uint8_t ret[3U][504U])9500 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(
9501 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st,
9502 uint8_t ret[3U][504U]) {
9503 uint8_t out[3U][504U] = {{0U}};
9504 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9505 size_t i0 = i;
9506 libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
9507 &st->shake128_state[i0],
9508 Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));
9509 }
9510 memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U]));
9511 }
9512
9513 /**
9514 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9515 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9516 */
9517 /**
9518 A monomorphic instance of
9519 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with
9520 const generics
9521 - K= 3
9522 */
9523 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * self,uint8_t ret[3U][504U])9524 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69(
9525 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self,
9526 uint8_t ret[3U][504U]) {
9527 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(self,
9528 ret);
9529 }
9530
9531 /**
9532 If `bytes` contains a set of uniformly random bytes, this function
9533 uniformly samples a ring element `â` that is treated as being the NTT
9534 representation of the corresponding polynomial `a`.
9535
9536 Since rejection sampling is used, it is possible the supplied bytes are
9537 not enough to sample the element, in which case an `Err` is returned and the
9538 caller must try again with a fresh set of bytes.
9539
9540 This function <strong>partially</strong> implements <strong>Algorithm
9541 6</strong> of the NIST FIPS 203 standard, We say "partially" because this
9542 implementation only accepts a finite set of bytes as input and returns an error
9543 if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
9544 hand samples from an infinite stream of bytes until the ring element is filled.
9545 Algorithm 6 is reproduced below:
9546
9547 ```plaintext
9548 Input: byte stream B ∈ ��*.
9549 Output: array â ∈ ℤ₂₅₆.
9550
9551 i ← 0
9552 j ← 0
9553 while j < 256 do
9554 d₁ ← B[i] + 256·(B[i+1] mod 16)
9555 d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
9556 if d₁ < q then
9557 â[j] ← d₁
9558 j ← j + 1
9559 end if
9560 if d₂ < q and j < 256 then
9561 â[j] ← d₂
9562 j ← j + 1
9563 end if
9564 i ← i + 3
9565 end while
9566 return â
9567 ```
9568
9569 The NIST FIPS 203 standard can be found at
9570 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9571 */
9572 /**
9573 A monomorphic instance of
9574 libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
9575 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9576 - K= 3
9577 - N= 504
9578 */
9579 static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db(uint8_t randomness[3U][504U],size_t * sampled_coefficients,int16_t (* out)[272U])9580 libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db(
9581 uint8_t randomness[3U][504U], size_t *sampled_coefficients,
9582 int16_t (*out)[272U]) {
9583 for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
9584 size_t i1 = i0;
9585 for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) {
9586 size_t r = i;
9587 if (sampled_coefficients[i1] <
9588 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9589 Eurydice_slice uu____0 =
9590 Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
9591 r * (size_t)24U + (size_t)24U, uint8_t);
9592 size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
9593 uu____0, Eurydice_array_to_subslice2(
9594 out[i1], sampled_coefficients[i1],
9595 sampled_coefficients[i1] + (size_t)16U, int16_t));
9596 size_t uu____1 = i1;
9597 sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled;
9598 }
9599 }
9600 }
9601 bool done = true;
9602 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9603 size_t i0 = i;
9604 if (sampled_coefficients[i0] >=
9605 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9606 sampled_coefficients[i0] =
9607 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
9608 } else {
9609 done = false;
9610 }
9611 }
9612 return done;
9613 }
9614
9615 /**
9616 A monomorphic instance of
9617 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const
9618 generics
9619 - K= 3
9620 */
9621 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * st,uint8_t ret[3U][168U])9622 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(
9623 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st,
9624 uint8_t ret[3U][168U]) {
9625 uint8_t out[3U][168U] = {{0U}};
9626 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9627 size_t i0 = i;
9628 libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
9629 &st->shake128_state[i0],
9630 Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));
9631 }
9632 memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U]));
9633 }
9634
9635 /**
9636 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9637 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9638 */
9639 /**
9640 A monomorphic instance of
9641 libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const
9642 generics
9643 - K= 3
9644 */
9645 static KRML_MUSTINLINE void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60(libcrux_ml_kem_hash_functions_portable_PortableHash_58 * self,uint8_t ret[3U][168U])9646 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60(
9647 libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self,
9648 uint8_t ret[3U][168U]) {
9649 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(self, ret);
9650 }
9651
9652 /**
9653 If `bytes` contains a set of uniformly random bytes, this function
9654 uniformly samples a ring element `â` that is treated as being the NTT
9655 representation of the corresponding polynomial `a`.
9656
9657 Since rejection sampling is used, it is possible the supplied bytes are
9658 not enough to sample the element, in which case an `Err` is returned and the
9659 caller must try again with a fresh set of bytes.
9660
9661 This function <strong>partially</strong> implements <strong>Algorithm
9662 6</strong> of the NIST FIPS 203 standard, We say "partially" because this
9663 implementation only accepts a finite set of bytes as input and returns an error
9664 if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
9665 hand samples from an infinite stream of bytes until the ring element is filled.
9666 Algorithm 6 is reproduced below:
9667
9668 ```plaintext
9669 Input: byte stream B ∈ ��*.
9670 Output: array â ∈ ℤ₂₅₆.
9671
9672 i ← 0
9673 j ← 0
9674 while j < 256 do
9675 d₁ ← B[i] + 256·(B[i+1] mod 16)
9676 d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
9677 if d₁ < q then
9678 â[j] ← d₁
9679 j ← j + 1
9680 end if
9681 if d₂ < q and j < 256 then
9682 â[j] ← d₂
9683 j ← j + 1
9684 end if
9685 i ← i + 3
9686 end while
9687 return â
9688 ```
9689
9690 The NIST FIPS 203 standard can be found at
9691 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9692 */
9693 /**
9694 A monomorphic instance of
9695 libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
9696 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9697 - K= 3
9698 - N= 168
9699 */
9700 static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0(uint8_t randomness[3U][168U],size_t * sampled_coefficients,int16_t (* out)[272U])9701 libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0(
9702 uint8_t randomness[3U][168U], size_t *sampled_coefficients,
9703 int16_t (*out)[272U]) {
9704 for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
9705 size_t i1 = i0;
9706 for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) {
9707 size_t r = i;
9708 if (sampled_coefficients[i1] <
9709 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9710 Eurydice_slice uu____0 =
9711 Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U,
9712 r * (size_t)24U + (size_t)24U, uint8_t);
9713 size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d(
9714 uu____0, Eurydice_array_to_subslice2(
9715 out[i1], sampled_coefficients[i1],
9716 sampled_coefficients[i1] + (size_t)16U, int16_t));
9717 size_t uu____1 = i1;
9718 sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled;
9719 }
9720 }
9721 }
9722 bool done = true;
9723 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9724 size_t i0 = i;
9725 if (sampled_coefficients[i0] >=
9726 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
9727 sampled_coefficients[i0] =
9728 LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
9729 } else {
9730 done = false;
9731 }
9732 }
9733 return done;
9734 }
9735
9736 /**
9737 This function found in impl
9738 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
9739 */
9740 /**
9741 A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89
9742 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9743 with const generics
9744
9745 */
9746 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_from_i16_array_89_c1(Eurydice_slice a)9747 libcrux_ml_kem_polynomial_from_i16_array_89_c1(Eurydice_slice a) {
9748 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
9749 libcrux_ml_kem_polynomial_ZERO_89_ea();
9750 for (size_t i = (size_t)0U;
9751 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
9752 size_t i0 = i;
9753 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
9754 libcrux_ml_kem_vector_portable_from_i16_array_0d(
9755 Eurydice_slice_subslice2(a, i0 * (size_t)16U,
9756 (i0 + (size_t)1U) * (size_t)16U, int16_t));
9757 result.coefficients[i0] = uu____0;
9758 }
9759 return result;
9760 }
9761
9762 /**
9763 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
9764 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9765 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9766 generics
9767 - K= 3
9768 */
9769 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_xof_closure_04(int16_t s[272U])9770 libcrux_ml_kem_sampling_sample_from_xof_closure_04(int16_t s[272U]) {
9771 return libcrux_ml_kem_polynomial_from_i16_array_89_c1(
9772 Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
9773 }
9774
9775 /**
9776 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof
9777 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9778 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9779 generics
9780 - K= 3
9781 */
libcrux_ml_kem_sampling_sample_from_xof_3f(uint8_t seeds[3U][34U],libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])9782 static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_3f(
9783 uint8_t seeds[3U][34U],
9784 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
9785 size_t sampled_coefficients[3U] = {0U};
9786 int16_t out[3U][272U] = {{0U}};
9787 /* Passing arrays by value in Rust generates a copy in C */
9788 uint8_t copy_of_seeds[3U][34U];
9789 memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
9790 libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state =
9791 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c(
9792 copy_of_seeds);
9793 uint8_t randomness0[3U][504U];
9794 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69(
9795 &xof_state, randomness0);
9796 /* Passing arrays by value in Rust generates a copy in C */
9797 uint8_t copy_of_randomness0[3U][504U];
9798 memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
9799 bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db(
9800 copy_of_randomness0, sampled_coefficients, out);
9801 while (true) {
9802 if (done) {
9803 break;
9804 } else {
9805 uint8_t randomness[3U][168U];
9806 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60(
9807 &xof_state, randomness);
9808 /* Passing arrays by value in Rust generates a copy in C */
9809 uint8_t copy_of_randomness[3U][168U];
9810 memcpy(copy_of_randomness, randomness,
9811 (size_t)3U * sizeof(uint8_t[168U]));
9812 done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_db0(
9813 copy_of_randomness, sampled_coefficients, out);
9814 }
9815 }
9816 /* Passing arrays by value in Rust generates a copy in C */
9817 int16_t copy_of_out[3U][272U];
9818 memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
9819 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U];
9820 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9821 ret0[i] =
9822 libcrux_ml_kem_sampling_sample_from_xof_closure_04(copy_of_out[i]);
9823 }
9824 memcpy(
9825 ret, ret0,
9826 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
9827 }
9828
9829 /**
9830 A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A
9831 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9832 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9833 generics
9834 - K= 3
9835 */
libcrux_ml_kem_matrix_sample_matrix_A_38(uint8_t seed[34U],bool transpose,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U])9836 static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_38(
9837 uint8_t seed[34U], bool transpose,
9838 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) {
9839 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U];
9840 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9841 libcrux_ml_kem_matrix_sample_matrix_A_closure_4b(i, A_transpose[i]);
9842 }
9843 for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
9844 size_t i1 = i0;
9845 /* Passing arrays by value in Rust generates a copy in C */
9846 uint8_t copy_of_seed[34U];
9847 memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
9848 uint8_t seeds[3U][34U];
9849 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9850 memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));
9851 }
9852 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9853 size_t j = i;
9854 seeds[j][32U] = (uint8_t)i1;
9855 seeds[j][33U] = (uint8_t)j;
9856 }
9857 /* Passing arrays by value in Rust generates a copy in C */
9858 uint8_t copy_of_seeds[3U][34U];
9859 memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
9860 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U];
9861 libcrux_ml_kem_sampling_sample_from_xof_3f(copy_of_seeds, sampled);
9862 for (size_t i = (size_t)0U;
9863 i < Eurydice_slice_len(
9864 Eurydice_array_to_slice(
9865 (size_t)3U, sampled,
9866 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
9867 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
9868 i++) {
9869 size_t j = i;
9870 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j];
9871 if (transpose) {
9872 A_transpose[j][i1] = sample;
9873 } else {
9874 A_transpose[i1][j] = sample;
9875 }
9876 }
9877 }
9878 memcpy(ret, A_transpose,
9879 (size_t)3U *
9880 sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
9881 }
9882
9883 /**
9884 A monomorphic instance of K.
9885 with types libcrux_ml_kem_polynomial_PolynomialRingElement
9886 libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t
9887
9888 */
9889 typedef struct tuple_b0_s {
9890 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U];
9891 uint8_t snd;
9892 } tuple_b0;
9893
9894 /**
9895 A monomorphic instance of
9896 libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types
9897 libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9898 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9899 generics
9900 - K= 3
9901 - ETA= 2
9902 - ETA_RANDOMNESS_SIZE= 128
9903 */
9904 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f7(size_t _i)9905 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f7(size_t _i) {
9906 return libcrux_ml_kem_polynomial_ZERO_89_ea();
9907 }
9908
9909 /**
9910 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN
9911 with const generics
9912 - K= 3
9913 - LEN= 128
9914 */
libcrux_ml_kem_hash_functions_portable_PRFxN_c5(uint8_t (* input)[33U],uint8_t ret[3U][128U])9915 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5(
9916 uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
9917 uint8_t out[3U][128U] = {{0U}};
9918 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
9919 size_t i0 = i;
9920 libcrux_sha3_portable_shake256(
9921 Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t),
9922 Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));
9923 }
9924 memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U]));
9925 }
9926
9927 /**
9928 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
9929 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
9930 */
9931 /**
9932 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_f1
9933 with const generics
9934 - K= 3
9935 - LEN= 128
9936 */
libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(uint8_t (* input)[33U],uint8_t ret[3U][128U])9937 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(
9938 uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
9939 libcrux_ml_kem_hash_functions_portable_PRFxN_c5(input, ret);
9940 }
9941
9942 /**
9943 Given a series of uniformly random bytes in `randomness`, for some number
9944 `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
9945 element from a binomial distribution centered at 0 that uses two sets of `eta`
9946 coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
9947 such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
9948
9949 ```plaintext
9950 - If v < 0, Pr[v] = Pr[-v]
9951 - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
9952 ```
9953
9954 The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
9955
9956 The expected value is:
9957
9958 ```plaintext
9959 E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
9960 + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
9961 ```
9962
9963 And the variance is:
9964
9965 ```plaintext
9966 Var(X) = E[(X - E[X])^2]
9967 = E[X^2]
9968 = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
9969 2^(2 * ETA)) = ETA / 2
9970 ```
9971
9972 This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
9973 standard, which is reproduced below:
9974
9975 ```plaintext
9976 Input: byte array B ∈ ��^{64η}.
9977 Output: array f ∈ ℤ₂₅₆.
9978
9979 b ← BytesToBits(B)
9980 for (i ← 0; i < 256; i++)
9981 x ← ∑(j=0 to η - 1) b[2iη + j]
9982 y ← ∑(j=0 to η - 1) b[2iη + η + j]
9983 f[i] ← x−y mod q
9984 end for
9985 return f
9986 ```
9987
9988 The NIST FIPS 203 standard can be found at
9989 <https://csrc.nist.gov/pubs/fips/203/ipd>.
9990 */
9991 /**
9992 A monomorphic instance of
9993 libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
9994 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9995
9996 */
9997 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85(Eurydice_slice randomness)9998 libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85(
9999 Eurydice_slice randomness) {
10000 int16_t sampled_i16s[256U] = {0U};
10001 for (size_t i0 = (size_t)0U;
10002 i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) {
10003 size_t chunk_number = i0;
10004 Eurydice_slice byte_chunk = Eurydice_slice_subslice2(
10005 randomness, chunk_number * (size_t)4U,
10006 chunk_number * (size_t)4U + (size_t)4U, uint8_t);
10007 uint32_t random_bits_as_u32 =
10008 (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t,
10009 uint8_t *) |
10010 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t,
10011 uint8_t *)
10012 << 8U) |
10013 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t,
10014 uint8_t *)
10015 << 16U) |
10016 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t,
10017 uint8_t *)
10018 << 24U;
10019 uint32_t even_bits = random_bits_as_u32 & 1431655765U;
10020 uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U;
10021 uint32_t coin_toss_outcomes = even_bits + odd_bits;
10022 for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) {
10023 uint32_t outcome_set = i;
10024 uint32_t outcome_set0 = outcome_set * 4U;
10025 int16_t outcome_1 =
10026 (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U);
10027 int16_t outcome_2 =
10028 (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U);
10029 size_t offset = (size_t)(outcome_set0 >> 2U);
10030 sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
10031 }
10032 }
10033 return libcrux_ml_kem_polynomial_from_i16_array_89_c1(
10034 Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
10035 }
10036
10037 /**
10038 A monomorphic instance of
10039 libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types
10040 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10041
10042 */
10043 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb(Eurydice_slice randomness)10044 libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_eb(
10045 Eurydice_slice randomness) {
10046 int16_t sampled_i16s[256U] = {0U};
10047 for (size_t i0 = (size_t)0U;
10048 i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) {
10049 size_t chunk_number = i0;
10050 Eurydice_slice byte_chunk = Eurydice_slice_subslice2(
10051 randomness, chunk_number * (size_t)3U,
10052 chunk_number * (size_t)3U + (size_t)3U, uint8_t);
10053 uint32_t random_bits_as_u24 =
10054 ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t,
10055 uint8_t *) |
10056 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t,
10057 uint8_t *)
10058 << 8U) |
10059 (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t,
10060 uint8_t *)
10061 << 16U;
10062 uint32_t first_bits = random_bits_as_u24 & 2396745U;
10063 uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U;
10064 uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U;
10065 uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits;
10066 for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) {
10067 int32_t outcome_set = i;
10068 int32_t outcome_set0 = outcome_set * (int32_t)6;
10069 int16_t outcome_1 =
10070 (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U);
10071 int16_t outcome_2 = (int16_t)(coin_toss_outcomes >>
10072 (uint32_t)(outcome_set0 + (int32_t)3) &
10073 7U);
10074 size_t offset = (size_t)(outcome_set0 / (int32_t)6);
10075 sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
10076 }
10077 }
10078 return libcrux_ml_kem_polynomial_from_i16_array_89_c1(
10079 Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
10080 }
10081
10082 /**
10083 A monomorphic instance of
10084 libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
10085 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10086 - ETA= 2
10087 */
10088 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(Eurydice_slice randomness)10089 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10090 Eurydice_slice randomness) {
10091 return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_85(
10092 randomness);
10093 }
10094
10095 /**
10096 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7
10097 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10098 with const generics
10099
10100 */
libcrux_ml_kem_ntt_ntt_at_layer_7_f4(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)10101 static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_f4(
10102 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
10103 size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
10104 for (size_t i = (size_t)0U; i < step; i++) {
10105 size_t j = i;
10106 libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
10107 libcrux_ml_kem_vector_portable_multiply_by_constant_0d(
10108 re->coefficients[j + step], (int16_t)-1600);
10109 re->coefficients[j + step] =
10110 libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t);
10111 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
10112 libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t);
10113 re->coefficients[j] = uu____1;
10114 }
10115 }
10116
10117 /**
10118 A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element
10119 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10120 with const generics
10121
10122 */
10123 static KRML_MUSTINLINE void
libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re)10124 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(
10125 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
10126 libcrux_ml_kem_ntt_ntt_at_layer_7_f4(re);
10127 size_t zeta_i = (size_t)1U;
10128 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U,
10129 (size_t)3U);
10130 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U,
10131 (size_t)3U);
10132 libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U,
10133 (size_t)3U);
10134 libcrux_ml_kem_ntt_ntt_at_layer_3_fd(&zeta_i, re, (size_t)3U, (size_t)3U);
10135 libcrux_ml_kem_ntt_ntt_at_layer_2_ad(&zeta_i, re, (size_t)2U, (size_t)3U);
10136 libcrux_ml_kem_ntt_ntt_at_layer_1_a2(&zeta_i, re, (size_t)1U, (size_t)3U);
10137 libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re);
10138 }
10139
10140 /**
10141 Sample a vector of ring elements from a centered binomial distribution and
10142 convert them into their NTT representations.
10143 */
10144 /**
10145 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
10146 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10147 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10148 generics
10149 - K= 3
10150 - ETA= 2
10151 - ETA_RANDOMNESS_SIZE= 128
10152 */
10153 static KRML_MUSTINLINE tuple_b0
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U],uint8_t domain_separator)10154 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(uint8_t prf_input[33U],
10155 uint8_t domain_separator) {
10156 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
10157 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10158 re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
10159 }
10160 /* Passing arrays by value in Rust generates a copy in C */
10161 uint8_t copy_of_prf_input[33U];
10162 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
10163 uint8_t prf_inputs[3U][33U];
10164 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10165 memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
10166 }
10167 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10168 size_t i0 = i;
10169 prf_inputs[i0][32U] = domain_separator;
10170 domain_separator = (uint32_t)domain_separator + 1U;
10171 }
10172 uint8_t prf_outputs[3U][128U];
10173 libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs);
10174 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10175 size_t i0 = i;
10176 re_as_ntt[i0] =
10177 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10178 Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
10179 libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0f(&re_as_ntt[i0]);
10180 }
10181 /* Passing arrays by value in Rust generates a copy in C */
10182 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
10183 memcpy(
10184 copy_of_re_as_ntt, re_as_ntt,
10185 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10186 tuple_b0 lit;
10187 memcpy(
10188 lit.fst, copy_of_re_as_ntt,
10189 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10190 lit.snd = domain_separator;
10191 return lit;
10192 }
10193
10194 /**
10195 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure
10196 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10197 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10198 generics
10199 - K= 3
10200 - ETA2_RANDOMNESS_SIZE= 128
10201 - ETA2= 2
10202 */
10203 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i)10204 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i) {
10205 return libcrux_ml_kem_polynomial_ZERO_89_ea();
10206 }
10207
10208 /**
10209 Sample a vector of ring elements from a centered binomial distribution.
10210 */
10211 /**
10212 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
10213 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10214 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10215 generics
10216 - K= 3
10217 - ETA2_RANDOMNESS_SIZE= 128
10218 - ETA2= 2
10219 */
10220 static KRML_MUSTINLINE tuple_b0
libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U],uint8_t domain_separator)10221 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U],
10222 uint8_t domain_separator) {
10223 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
10224 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10225 error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
10226 }
10227 /* Passing arrays by value in Rust generates a copy in C */
10228 uint8_t copy_of_prf_input[33U];
10229 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
10230 uint8_t prf_inputs[3U][33U];
10231 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10232 memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));
10233 }
10234 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10235 size_t i0 = i;
10236 prf_inputs[i0][32U] = domain_separator;
10237 domain_separator = (uint32_t)domain_separator + 1U;
10238 }
10239 uint8_t prf_outputs[3U][128U];
10240 libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs);
10241 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10242 size_t i0 = i;
10243 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 =
10244 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10245 Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
10246 error_1[i0] = uu____1;
10247 }
10248 /* Passing arrays by value in Rust generates a copy in C */
10249 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U];
10250 memcpy(
10251 copy_of_error_1, error_1,
10252 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10253 tuple_b0 lit;
10254 memcpy(
10255 lit.fst, copy_of_error_1,
10256 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10257 lit.snd = domain_separator;
10258 return lit;
10259 }
10260
10261 /**
10262 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
10263 with const generics
10264 - LEN= 128
10265 */
libcrux_ml_kem_hash_functions_portable_PRF_2b0(Eurydice_slice input,uint8_t ret[128U])10266 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0(
10267 Eurydice_slice input, uint8_t ret[128U]) {
10268 uint8_t digest[128U] = {0U};
10269 libcrux_sha3_portable_shake256(
10270 Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input);
10271 memcpy(ret, digest, (size_t)128U * sizeof(uint8_t));
10272 }
10273
10274 /**
10275 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
10276 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
10277 */
10278 /**
10279 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_f1
10280 with const generics
10281 - K= 3
10282 - LEN= 128
10283 */
libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0(Eurydice_slice input,uint8_t ret[128U])10284 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0(
10285 Eurydice_slice input, uint8_t ret[128U]) {
10286 libcrux_ml_kem_hash_functions_portable_PRF_2b0(input, ret);
10287 }
10288
10289 /**
10290 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure
10291 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10292 with const generics
10293 - K= 3
10294 */
10295 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i)10296 libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i) {
10297 return libcrux_ml_kem_polynomial_ZERO_89_ea();
10298 }
10299
10300 /**
10301 This function found in impl
10302 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
10303 */
10304 /**
10305 A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89
10306 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10307 with const generics
10308
10309 */
libcrux_ml_kem_polynomial_add_error_reduce_89_38(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error)10310 static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_38(
10311 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
10312 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
10313 for (size_t i = (size_t)0U;
10314 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10315 size_t j = i;
10316 libcrux_ml_kem_vector_portable_vector_type_PortableVector
10317 coefficient_normal_form =
10318 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
10319 self->coefficients[j], (int16_t)1441);
10320 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10321 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
10322 libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
10323 &error->coefficients[j]));
10324 self->coefficients[j] = uu____0;
10325 }
10326 }
10327
10328 /**
10329 Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
10330 */
10331 /**
10332 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
10333 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10334 with const generics
10335 - K= 3
10336 */
libcrux_ml_kem_matrix_compute_vector_u_59(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (* a_as_ntt)[3U],libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * r_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error_1,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])10337 static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59(
10338 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
10339 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
10340 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
10341 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
10342 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
10343 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10344 result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
10345 }
10346 for (size_t i0 = (size_t)0U;
10347 i0 < Eurydice_slice_len(
10348 Eurydice_array_to_slice(
10349 (size_t)3U, a_as_ntt,
10350 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
10351 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
10352 i0++) {
10353 size_t i1 = i0;
10354 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1];
10355 for (size_t i = (size_t)0U;
10356 i < Eurydice_slice_len(
10357 Eurydice_array_to_slice(
10358 (size_t)3U, row,
10359 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
10360 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
10361 i++) {
10362 size_t j = i;
10363 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
10364 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
10365 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(a_element, &r_as_ntt[j]);
10366 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1],
10367 &product);
10368 }
10369 libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result[i1]);
10370 libcrux_ml_kem_polynomial_add_error_reduce_89_38(&result[i1], &error_1[i1]);
10371 }
10372 memcpy(
10373 ret, result,
10374 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10375 }
10376
10377 /**
10378 A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1
10379 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10380 with const generics
10381
10382 */
10383 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_decompress_1_63(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10384 libcrux_ml_kem_vector_traits_decompress_1_63(
10385 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10386 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10387 libcrux_ml_kem_vector_portable_ZERO_0d();
10388 return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
10389 libcrux_ml_kem_vector_portable_sub_0d(uu____0, &v), (int16_t)1665);
10390 }
10391
10392 /**
10393 A monomorphic instance of
10394 libcrux_ml_kem.serialize.deserialize_then_decompress_message with types
10395 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10396
10397 */
10398 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d(uint8_t serialized[32U])10399 libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d(
10400 uint8_t serialized[32U]) {
10401 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
10402 libcrux_ml_kem_polynomial_ZERO_89_ea();
10403 for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
10404 size_t i0 = i;
10405 libcrux_ml_kem_vector_portable_vector_type_PortableVector
10406 coefficient_compressed =
10407 libcrux_ml_kem_vector_portable_deserialize_1_0d(
10408 Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
10409 (size_t)2U * i0 + (size_t)2U,
10410 uint8_t));
10411 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10412 libcrux_ml_kem_vector_traits_decompress_1_63(coefficient_compressed);
10413 re.coefficients[i0] = uu____0;
10414 }
10415 return re;
10416 }
10417
10418 /**
10419 This function found in impl
10420 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
10421 */
10422 /**
10423 A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89
10424 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10425 with const generics
10426
10427 */
10428 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * message,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result)10429 libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea(
10430 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
10431 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
10432 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
10433 for (size_t i = (size_t)0U;
10434 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10435 size_t i0 = i;
10436 libcrux_ml_kem_vector_portable_vector_type_PortableVector
10437 coefficient_normal_form =
10438 libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
10439 result.coefficients[i0], (int16_t)1441);
10440 libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp =
10441 libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0],
10442 &message->coefficients[i0]);
10443 libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 =
10444 libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp);
10445 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
10446 libcrux_ml_kem_vector_portable_barrett_reduce_0d(tmp0);
10447 result.coefficients[i0] = uu____0;
10448 }
10449 return result;
10450 }
10451
10452 /**
10453 Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
10454 */
10455 /**
10456 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
10457 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10458 with const generics
10459 - K= 3
10460 */
10461 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_ring_element_v_54(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * t_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * r_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error_2,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * message)10462 libcrux_ml_kem_matrix_compute_ring_element_v_54(
10463 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
10464 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
10465 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
10466 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) {
10467 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result =
10468 libcrux_ml_kem_polynomial_ZERO_89_ea();
10469 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
10470 size_t i0 = i;
10471 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
10472 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(&t_as_ntt[i0],
10473 &r_as_ntt[i0]);
10474 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product);
10475 }
10476 libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result);
10477 result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea(
10478 error_2, message, result);
10479 return result;
10480 }
10481
10482 /**
10483 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10484 with const generics
10485 - COEFFICIENT_BITS= 10
10486 */
10487 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_02(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10488 libcrux_ml_kem_vector_portable_compress_compress_02(
10489 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10490 for (size_t i = (size_t)0U;
10491 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10492 size_t i0 = i;
10493 int16_t uu____0 =
10494 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10495 (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]);
10496 v.elements[i0] = uu____0;
10497 }
10498 return v;
10499 }
10500
10501 /**
10502 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10503 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10504 */
10505 /**
10506 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10507 with const generics
10508 - COEFFICIENT_BITS= 10
10509 */
10510 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_28(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10511 libcrux_ml_kem_vector_portable_compress_0d_28(
10512 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10513 return libcrux_ml_kem_vector_portable_compress_compress_02(v);
10514 }
10515
10516 /**
10517 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10
10518 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10519 with const generics
10520 - OUT_LEN= 320
10521 */
10522 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_10_fc(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[320U])10523 libcrux_ml_kem_serialize_compress_then_serialize_10_fc(
10524 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
10525 uint8_t serialized[320U] = {0U};
10526 for (size_t i = (size_t)0U;
10527 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10528 size_t i0 = i;
10529 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
10530 libcrux_ml_kem_vector_portable_compress_0d_28(
10531 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10532 re->coefficients[i0]));
10533 uint8_t bytes[20U];
10534 libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
10535 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
10536 serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t);
10537 Eurydice_slice_copy(
10538 uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
10539 }
10540 memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
10541 }
10542
10543 /**
10544 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10545 with const generics
10546 - COEFFICIENT_BITS= 11
10547 */
10548 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_020(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10549 libcrux_ml_kem_vector_portable_compress_compress_020(
10550 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10551 for (size_t i = (size_t)0U;
10552 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10553 size_t i0 = i;
10554 int16_t uu____0 =
10555 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10556 (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]);
10557 v.elements[i0] = uu____0;
10558 }
10559 return v;
10560 }
10561
10562 /**
10563 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10564 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10565 */
10566 /**
10567 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10568 with const generics
10569 - COEFFICIENT_BITS= 11
10570 */
10571 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_280(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10572 libcrux_ml_kem_vector_portable_compress_0d_280(
10573 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10574 return libcrux_ml_kem_vector_portable_compress_compress_020(v);
10575 }
10576
10577 /**
10578 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11
10579 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10580 with const generics
10581 - OUT_LEN= 320
10582 */
10583 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_11_e1(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[320U])10584 libcrux_ml_kem_serialize_compress_then_serialize_11_e1(
10585 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
10586 uint8_t serialized[320U] = {0U};
10587 for (size_t i = (size_t)0U;
10588 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10589 size_t i0 = i;
10590 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
10591 libcrux_ml_kem_vector_portable_compress_0d_280(
10592 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10593 re->coefficients[i0]));
10594 uint8_t bytes[22U];
10595 libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
10596 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
10597 serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t);
10598 Eurydice_slice_copy(
10599 uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t);
10600 }
10601 memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
10602 }
10603
10604 /**
10605 A monomorphic instance of
10606 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types
10607 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10608 - COMPRESSION_FACTOR= 10
10609 - OUT_LEN= 320
10610 */
10611 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[320U])10612 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(
10613 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
10614 uint8_t uu____0[320U];
10615 libcrux_ml_kem_serialize_compress_then_serialize_10_fc(re, uu____0);
10616 memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
10617 }
10618
10619 /**
10620 Call [`compress_then_serialize_ring_element_u`] on each ring element.
10621 */
10622 /**
10623 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
10624 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10625 with const generics
10626 - K= 3
10627 - OUT_LEN= 960
10628 - COMPRESSION_FACTOR= 10
10629 - BLOCK_LEN= 320
10630 */
libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],Eurydice_slice out)10631 static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7(
10632 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
10633 Eurydice_slice out) {
10634 for (size_t i = (size_t)0U;
10635 i < Eurydice_slice_len(
10636 Eurydice_array_to_slice(
10637 (size_t)3U, input,
10638 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
10639 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
10640 i++) {
10641 size_t i0 = i;
10642 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0];
10643 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
10644 out, i0 * ((size_t)960U / (size_t)3U),
10645 (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
10646 uint8_t ret[320U];
10647 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(&re,
10648 ret);
10649 Eurydice_slice_copy(
10650 uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
10651 }
10652 }
10653
10654 /**
10655 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10656 with const generics
10657 - COEFFICIENT_BITS= 4
10658 */
10659 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_021(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10660 libcrux_ml_kem_vector_portable_compress_compress_021(
10661 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10662 for (size_t i = (size_t)0U;
10663 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10664 size_t i0 = i;
10665 int16_t uu____0 =
10666 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10667 (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]);
10668 v.elements[i0] = uu____0;
10669 }
10670 return v;
10671 }
10672
10673 /**
10674 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10675 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10676 */
10677 /**
10678 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10679 with const generics
10680 - COEFFICIENT_BITS= 4
10681 */
10682 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_281(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10683 libcrux_ml_kem_vector_portable_compress_0d_281(
10684 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10685 return libcrux_ml_kem_vector_portable_compress_compress_021(v);
10686 }
10687
10688 /**
10689 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4
10690 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10691 with const generics
10692
10693 */
10694 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_4_9a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,Eurydice_slice serialized)10695 libcrux_ml_kem_serialize_compress_then_serialize_4_9a(
10696 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
10697 Eurydice_slice serialized) {
10698 for (size_t i = (size_t)0U;
10699 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10700 size_t i0 = i;
10701 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
10702 libcrux_ml_kem_vector_portable_compress_0d_281(
10703 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10704 re.coefficients[i0]));
10705 uint8_t bytes[8U];
10706 libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
10707 Eurydice_slice_copy(
10708 Eurydice_slice_subslice2(serialized, (size_t)8U * i0,
10709 (size_t)8U * i0 + (size_t)8U, uint8_t),
10710 Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t);
10711 }
10712 }
10713
10714 /**
10715 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
10716 with const generics
10717 - COEFFICIENT_BITS= 5
10718 */
10719 static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_022(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10720 libcrux_ml_kem_vector_portable_compress_compress_022(
10721 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10722 for (size_t i = (size_t)0U;
10723 i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
10724 size_t i0 = i;
10725 int16_t uu____0 =
10726 libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
10727 (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]);
10728 v.elements[i0] = uu____0;
10729 }
10730 return v;
10731 }
10732
10733 /**
10734 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
10735 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
10736 */
10737 /**
10738 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
10739 with const generics
10740 - COEFFICIENT_BITS= 5
10741 */
10742 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_0d_282(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)10743 libcrux_ml_kem_vector_portable_compress_0d_282(
10744 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
10745 return libcrux_ml_kem_vector_portable_compress_compress_022(v);
10746 }
10747
10748 /**
10749 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5
10750 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10751 with const generics
10752
10753 */
10754 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_5_1f(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,Eurydice_slice serialized)10755 libcrux_ml_kem_serialize_compress_then_serialize_5_1f(
10756 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
10757 Eurydice_slice serialized) {
10758 for (size_t i = (size_t)0U;
10759 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
10760 size_t i0 = i;
10761 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
10762 libcrux_ml_kem_vector_portable_compress_0d_282(
10763 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
10764 re.coefficients[i0]));
10765 uint8_t bytes[10U];
10766 libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
10767 Eurydice_slice_copy(
10768 Eurydice_slice_subslice2(serialized, (size_t)10U * i0,
10769 (size_t)10U * i0 + (size_t)10U, uint8_t),
10770 Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t);
10771 }
10772 }
10773
10774 /**
10775 A monomorphic instance of
10776 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
10777 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10778 - COMPRESSION_FACTOR= 4
10779 - OUT_LEN= 128
10780 */
10781 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,Eurydice_slice out)10782 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e(
10783 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
10784 libcrux_ml_kem_serialize_compress_then_serialize_4_9a(re, out);
10785 }
10786
10787 /**
10788 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt
10789 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10790 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10791 generics
10792 - K= 3
10793 - CIPHERTEXT_SIZE= 1088
10794 - T_AS_NTT_ENCODED_SIZE= 1152
10795 - C1_LEN= 960
10796 - C2_LEN= 128
10797 - U_COMPRESSION_FACTOR= 10
10798 - V_COMPRESSION_FACTOR= 4
10799 - BLOCK_LEN= 320
10800 - ETA1= 2
10801 - ETA1_RANDOMNESS_SIZE= 128
10802 - ETA2= 2
10803 - ETA2_RANDOMNESS_SIZE= 128
10804 */
libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key,uint8_t message[32U],Eurydice_slice randomness,uint8_t ret[1088U])10805 static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key,
10806 uint8_t message[32U],
10807 Eurydice_slice randomness,
10808 uint8_t ret[1088U]) {
10809 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
10810 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_33(
10811 Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
10812 t_as_ntt);
10813 Eurydice_slice seed =
10814 Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
10815 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
10816 uint8_t ret0[34U];
10817 libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0);
10818 libcrux_ml_kem_matrix_sample_matrix_A_38(ret0, false, A);
10819 uint8_t prf_input[33U];
10820 libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input);
10821 /* Passing arrays by value in Rust generates a copy in C */
10822 uint8_t copy_of_prf_input0[33U];
10823 memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
10824 tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(
10825 copy_of_prf_input0, 0U);
10826 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
10827 memcpy(
10828 r_as_ntt, uu____1.fst,
10829 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10830 uint8_t domain_separator0 = uu____1.snd;
10831 /* Passing arrays by value in Rust generates a copy in C */
10832 uint8_t copy_of_prf_input[33U];
10833 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
10834 tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(
10835 copy_of_prf_input, domain_separator0);
10836 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
10837 memcpy(
10838 error_1, uu____3.fst,
10839 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10840 uint8_t domain_separator = uu____3.snd;
10841 prf_input[32U] = domain_separator;
10842 uint8_t prf_output[128U];
10843 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0(
10844 Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
10845 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 =
10846 libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6(
10847 Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
10848 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
10849 libcrux_ml_kem_matrix_compute_vector_u_59(A, r_as_ntt, error_1, u);
10850 /* Passing arrays by value in Rust generates a copy in C */
10851 uint8_t copy_of_message[32U];
10852 memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
10853 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
10854 libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d(
10855 copy_of_message);
10856 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
10857 libcrux_ml_kem_matrix_compute_ring_element_v_54(
10858 t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
10859 uint8_t ciphertext[1088U] = {0U};
10860 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
10861 memcpy(
10862 uu____5, u,
10863 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
10864 libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7(
10865 uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
10866 uint8_t));
10867 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
10868 libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e(
10869 uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
10870 (size_t)960U, uint8_t, size_t));
10871 memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
10872 }
10873
10874 /**
10875 This function found in impl {(libcrux_ml_kem::variant::Variant for
10876 libcrux_ml_kem::variant::MlKem)#1}
10877 */
10878 /**
10879 A monomorphic instance of libcrux_ml_kem.variant.kdf_d8
10880 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
10881 with const generics
10882 - K= 3
10883 - CIPHERTEXT_SIZE= 1088
10884 */
libcrux_ml_kem_variant_kdf_d8_41(Eurydice_slice shared_secret,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * _,uint8_t ret[32U])10885 static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_41(
10886 Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
10887 uint8_t ret[32U]) {
10888 uint8_t out[32U] = {0U};
10889 Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
10890 shared_secret, uint8_t);
10891 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
10892 }
10893
10894 /**
10895 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
10896 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10897 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
10898 libcrux_ml_kem_variant_MlKem with const generics
10899 - K= 3
10900 - SECRET_KEY_SIZE= 2400
10901 - CPA_SECRET_KEY_SIZE= 1152
10902 - PUBLIC_KEY_SIZE= 1184
10903 - CIPHERTEXT_SIZE= 1088
10904 - T_AS_NTT_ENCODED_SIZE= 1152
10905 - C1_SIZE= 960
10906 - C2_SIZE= 128
10907 - VECTOR_U_COMPRESSION_FACTOR= 10
10908 - VECTOR_V_COMPRESSION_FACTOR= 4
10909 - C1_BLOCK_SIZE= 320
10910 - ETA1= 2
10911 - ETA1_RANDOMNESS_SIZE= 128
10912 - ETA2= 2
10913 - ETA2_RANDOMNESS_SIZE= 128
10914 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
10915 */
libcrux_ml_kem_ind_cca_decapsulate_70(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])10916 static inline void libcrux_ml_kem_ind_cca_decapsulate_70(
10917 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
10918 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
10919 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
10920 Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
10921 (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
10922 Eurydice_slice ind_cpa_secret_key = uu____0.fst;
10923 Eurydice_slice secret_key0 = uu____0.snd;
10924 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
10925 secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
10926 Eurydice_slice ind_cpa_public_key = uu____1.fst;
10927 Eurydice_slice secret_key = uu____1.snd;
10928 Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
10929 secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
10930 Eurydice_slice_uint8_t_x2);
10931 Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
10932 Eurydice_slice implicit_rejection_value = uu____2.snd;
10933 uint8_t decrypted[32U];
10934 libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value,
10935 decrypted);
10936 uint8_t to_hash0[64U];
10937 libcrux_ml_kem_utils_into_padded_array_ea(
10938 Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
10939 Eurydice_slice_copy(
10940 Eurydice_array_to_subslice_from(
10941 (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
10942 uint8_t, size_t),
10943 ind_cpa_public_key_hash, uint8_t);
10944 uint8_t hashed[64U];
10945 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
10946 Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
10947 Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
10948 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
10949 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
10950 Eurydice_slice_uint8_t_x2);
10951 Eurydice_slice shared_secret0 = uu____3.fst;
10952 Eurydice_slice pseudorandomness = uu____3.snd;
10953 uint8_t to_hash[1120U];
10954 libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash);
10955 Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
10956 (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
10957 uint8_t, size_t);
10958 Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext),
10959 uint8_t);
10960 uint8_t implicit_rejection_shared_secret0[32U];
10961 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
10962 Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
10963 implicit_rejection_shared_secret0);
10964 Eurydice_slice uu____5 = ind_cpa_public_key;
10965 /* Passing arrays by value in Rust generates a copy in C */
10966 uint8_t copy_of_decrypted[32U];
10967 memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
10968 uint8_t expected_ciphertext[1088U];
10969 libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted,
10970 pseudorandomness, expected_ciphertext);
10971 uint8_t implicit_rejection_shared_secret[32U];
10972 libcrux_ml_kem_variant_kdf_d8_41(
10973 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
10974 uint8_t),
10975 ciphertext, implicit_rejection_shared_secret);
10976 uint8_t shared_secret[32U];
10977 libcrux_ml_kem_variant_kdf_d8_41(shared_secret0, ciphertext, shared_secret);
10978 uint8_t ret0[32U];
10979 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
10980 libcrux_ml_kem_types_as_ref_00_24(ciphertext),
10981 Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
10982 Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
10983 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
10984 uint8_t),
10985 ret0);
10986 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
10987 }
10988
10989 /**
10990 Portable decapsulate
10991 */
10992 /**
10993 A monomorphic instance of
10994 libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
10995 - K= 3
10996 - SECRET_KEY_SIZE= 2400
10997 - CPA_SECRET_KEY_SIZE= 1152
10998 - PUBLIC_KEY_SIZE= 1184
10999 - CIPHERTEXT_SIZE= 1088
11000 - T_AS_NTT_ENCODED_SIZE= 1152
11001 - C1_SIZE= 960
11002 - C2_SIZE= 128
11003 - VECTOR_U_COMPRESSION_FACTOR= 10
11004 - VECTOR_V_COMPRESSION_FACTOR= 4
11005 - C1_BLOCK_SIZE= 320
11006 - ETA1= 2
11007 - ETA1_RANDOMNESS_SIZE= 128
11008 - ETA2= 2
11009 - ETA2_RANDOMNESS_SIZE= 128
11010 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
11011 */
11012 static inline void
libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11013 libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e(
11014 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11015 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11016 libcrux_ml_kem_ind_cca_decapsulate_70(private_key, ciphertext, ret);
11017 }
11018
11019 /**
11020 Decapsulate ML-KEM 768
11021
11022 Generates an [`MlKemSharedSecret`].
11023 The input is a reference to an [`MlKem768PrivateKey`] and an
11024 [`MlKem768Ciphertext`].
11025 */
libcrux_ml_kem_mlkem768_portable_decapsulate(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11026 static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
11027 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11028 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11029 libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e(
11030 private_key, ciphertext, ret);
11031 }
11032
11033 /**
11034 This function found in impl {(libcrux_ml_kem::variant::Variant for
11035 libcrux_ml_kem::variant::MlKem)#1}
11036 */
11037 /**
11038 A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8
11039 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11040 with const generics
11041 - K= 3
11042 */
libcrux_ml_kem_variant_entropy_preprocess_d8_63(Eurydice_slice randomness,uint8_t ret[32U])11043 static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_63(
11044 Eurydice_slice randomness, uint8_t ret[32U]) {
11045 uint8_t out[32U] = {0U};
11046 Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
11047 randomness, uint8_t);
11048 memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
11049 }
11050
11051 /**
11052 This function found in impl {(libcrux_ml_kem::hash_functions::Hash<K> for
11053 libcrux_ml_kem::hash_functions::portable::PortableHash<K>)}
11054 */
11055 /**
11056 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1
11057 with const generics
11058 - K= 3
11059 */
libcrux_ml_kem_hash_functions_portable_H_f1_1a(Eurydice_slice input,uint8_t ret[32U])11060 static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11061 Eurydice_slice input, uint8_t ret[32U]) {
11062 libcrux_ml_kem_hash_functions_portable_H(input, ret);
11063 }
11064
11065 /**
11066 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
11067 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11068 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11069 libcrux_ml_kem_variant_MlKem with const generics
11070 - K= 3
11071 - CIPHERTEXT_SIZE= 1088
11072 - PUBLIC_KEY_SIZE= 1184
11073 - T_AS_NTT_ENCODED_SIZE= 1152
11074 - C1_SIZE= 960
11075 - C2_SIZE= 128
11076 - VECTOR_U_COMPRESSION_FACTOR= 10
11077 - VECTOR_V_COMPRESSION_FACTOR= 4
11078 - VECTOR_U_BLOCK_LEN= 320
11079 - ETA1= 2
11080 - ETA1_RANDOMNESS_SIZE= 128
11081 - ETA2= 2
11082 - ETA2_RANDOMNESS_SIZE= 128
11083 */
libcrux_ml_kem_ind_cca_encapsulate_cd(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11084 static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd(
11085 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11086 uint8_t randomness[32U]) {
11087 uint8_t randomness0[32U];
11088 libcrux_ml_kem_variant_entropy_preprocess_d8_63(
11089 Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
11090 uint8_t to_hash[64U];
11091 libcrux_ml_kem_utils_into_padded_array_ea(
11092 Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
11093 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
11094 (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11095 size_t);
11096 uint8_t ret[32U];
11097 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11098 Eurydice_array_to_slice((size_t)1184U,
11099 libcrux_ml_kem_types_as_slice_cb_50(public_key),
11100 uint8_t),
11101 ret);
11102 Eurydice_slice_copy(
11103 uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
11104 uint8_t hashed[64U];
11105 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11106 Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
11107 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
11108 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
11109 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
11110 Eurydice_slice_uint8_t_x2);
11111 Eurydice_slice shared_secret = uu____1.fst;
11112 Eurydice_slice pseudorandomness = uu____1.snd;
11113 Eurydice_slice uu____2 = Eurydice_array_to_slice(
11114 (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t);
11115 /* Passing arrays by value in Rust generates a copy in C */
11116 uint8_t copy_of_randomness[32U];
11117 memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
11118 uint8_t ciphertext[1088U];
11119 libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness,
11120 pseudorandomness, ciphertext);
11121 /* Passing arrays by value in Rust generates a copy in C */
11122 uint8_t copy_of_ciphertext[1088U];
11123 memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
11124 libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
11125 libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext);
11126 uint8_t shared_secret_array[32U];
11127 libcrux_ml_kem_variant_kdf_d8_41(shared_secret, &ciphertext0,
11128 shared_secret_array);
11129 libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
11130 /* Passing arrays by value in Rust generates a copy in C */
11131 uint8_t copy_of_shared_secret_array[32U];
11132 memcpy(copy_of_shared_secret_array, shared_secret_array,
11133 (size_t)32U * sizeof(uint8_t));
11134 tuple_3c lit;
11135 lit.fst = uu____5;
11136 memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
11137 return lit;
11138 }
11139
11140 /**
11141 A monomorphic instance of
11142 libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
11143 - K= 3
11144 - CIPHERTEXT_SIZE= 1088
11145 - PUBLIC_KEY_SIZE= 1184
11146 - T_AS_NTT_ENCODED_SIZE= 1152
11147 - C1_SIZE= 960
11148 - C2_SIZE= 128
11149 - VECTOR_U_COMPRESSION_FACTOR= 10
11150 - VECTOR_V_COMPRESSION_FACTOR= 4
11151 - VECTOR_U_BLOCK_LEN= 320
11152 - ETA1= 2
11153 - ETA1_RANDOMNESS_SIZE= 128
11154 - ETA2= 2
11155 - ETA2_RANDOMNESS_SIZE= 128
11156 */
11157 static inline tuple_3c
libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11158 libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6(
11159 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11160 uint8_t randomness[32U]) {
11161 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11162 /* Passing arrays by value in Rust generates a copy in C */
11163 uint8_t copy_of_randomness[32U];
11164 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11165 return libcrux_ml_kem_ind_cca_encapsulate_cd(uu____0, copy_of_randomness);
11166 }
11167
11168 /**
11169 Encapsulate ML-KEM 768
11170
11171 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
11172 The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
11173 bytes of `randomness`.
11174 */
libcrux_ml_kem_mlkem768_portable_encapsulate(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11175 static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
11176 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11177 uint8_t randomness[32U]) {
11178 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11179 /* Passing arrays by value in Rust generates a copy in C */
11180 uint8_t copy_of_randomness[32U];
11181 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11182 return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6(
11183 uu____0, copy_of_randomness);
11184 }
11185
11186 /**
11187 This function found in impl {(libcrux_ml_kem::variant::Variant for
11188 libcrux_ml_kem::variant::MlKem)#1}
11189 */
11190 /**
11191 A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_d8
11192 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11193 with const generics
11194 - K= 3
11195 */
libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(Eurydice_slice key_generation_seed,uint8_t ret[64U])11196 static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(
11197 Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
11198 uint8_t seed[33U] = {0U};
11199 Eurydice_slice_copy(
11200 Eurydice_array_to_subslice2(
11201 seed, (size_t)0U,
11202 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t),
11203 key_generation_seed, uint8_t);
11204 seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
11205 (uint8_t)(size_t)3U;
11206 uint8_t ret0[64U];
11207 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11208 Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0);
11209 memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t));
11210 }
11211
11212 /**
11213 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure
11214 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11215 with const generics
11216 - K= 3
11217 */
11218 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_matrix_compute_As_plus_e_closure_87(size_t _i)11219 libcrux_ml_kem_matrix_compute_As_plus_e_closure_87(size_t _i) {
11220 return libcrux_ml_kem_polynomial_ZERO_89_ea();
11221 }
11222
11223 /**
11224 A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain
11225 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11226 with const generics
11227
11228 */
11229 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_traits_to_standard_domain_59(libcrux_ml_kem_vector_portable_vector_type_PortableVector v)11230 libcrux_ml_kem_vector_traits_to_standard_domain_59(
11231 libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
11232 return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
11233 v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
11234 }
11235
11236 /**
11237 This function found in impl
11238 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0]}
11239 */
11240 /**
11241 A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89
11242 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11243 with const generics
11244
11245 */
11246 static KRML_MUSTINLINE void
libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * self,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error)11247 libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03(
11248 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
11249 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
11250 for (size_t i = (size_t)0U;
11251 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
11252 size_t j = i;
11253 libcrux_ml_kem_vector_portable_vector_type_PortableVector
11254 coefficient_normal_form =
11255 libcrux_ml_kem_vector_traits_to_standard_domain_59(
11256 self->coefficients[j]);
11257 libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
11258 libcrux_ml_kem_vector_portable_barrett_reduce_0d(
11259 libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
11260 &error->coefficients[j]));
11261 self->coefficients[j] = uu____0;
11262 }
11263 }
11264
11265 /**
11266 Compute  ◦ ŝ + ê
11267 */
11268 /**
11269 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
11270 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11271 with const generics
11272 - K= 3
11273 */
libcrux_ml_kem_matrix_compute_As_plus_e_60(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (* matrix_A)[3U],libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * s_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * error_as_ntt,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])11274 static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_60(
11275 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
11276 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
11277 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt,
11278 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
11279 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
11280 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
11281 result[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
11282 }
11283 for (size_t i0 = (size_t)0U;
11284 i0 < Eurydice_slice_len(
11285 Eurydice_array_to_slice(
11286 (size_t)3U, matrix_A,
11287 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]),
11288 libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]);
11289 i0++) {
11290 size_t i1 = i0;
11291 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1];
11292 for (size_t i = (size_t)0U;
11293 i < Eurydice_slice_len(
11294 Eurydice_array_to_slice(
11295 (size_t)3U, row,
11296 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
11297 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
11298 i++) {
11299 size_t j = i;
11300 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
11301 &row[j];
11302 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
11303 libcrux_ml_kem_polynomial_ntt_multiply_89_2a(matrix_element,
11304 &s_as_ntt[j]);
11305 libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1],
11306 &product);
11307 }
11308 libcrux_ml_kem_polynomial_add_standard_error_reduce_89_03(
11309 &result[i1], &error_as_ntt[i1]);
11310 }
11311 memcpy(
11312 ret, result,
11313 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11314 }
11315
11316 /**
11317 A monomorphic instance of
11318 libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
11319 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
11320
11321 */
11322 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * re,uint8_t ret[384U])11323 libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(
11324 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
11325 uint8_t serialized[384U] = {0U};
11326 for (size_t i = (size_t)0U;
11327 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
11328 size_t i0 = i;
11329 libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
11330 libcrux_ml_kem_vector_traits_to_unsigned_representative_db(
11331 re->coefficients[i0]);
11332 uint8_t bytes[24U];
11333 libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
11334 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
11335 serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t);
11336 Eurydice_slice_copy(
11337 uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t);
11338 }
11339 memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t));
11340 }
11341
11342 /**
11343 Call [`serialize_uncompressed_ring_element`] for each ring element.
11344 */
11345 /**
11346 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
11347 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11348 with const generics
11349 - K= 3
11350 - OUT_LEN= 1152
11351 */
libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * key,uint8_t ret[1152U])11352 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(
11353 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
11354 uint8_t ret[1152U]) {
11355 uint8_t out[1152U] = {0U};
11356 for (size_t i = (size_t)0U;
11357 i < Eurydice_slice_len(
11358 Eurydice_array_to_slice(
11359 (size_t)3U, key,
11360 libcrux_ml_kem_polynomial_PolynomialRingElement_f0),
11361 libcrux_ml_kem_polynomial_PolynomialRingElement_f0);
11362 i++) {
11363 size_t i0 = i;
11364 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0];
11365 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
11366 out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
11367 (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
11368 uint8_t);
11369 uint8_t ret0[384U];
11370 libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5b(&re, ret0);
11371 Eurydice_slice_copy(
11372 uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
11373 }
11374 memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
11375 }
11376
11377 /**
11378 Concatenate `t` and `ρ` into the public key.
11379 */
11380 /**
11381 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
11382 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11383 with const generics
11384 - K= 3
11385 - RANKED_BYTES_PER_RING_ELEMENT= 1152
11386 - PUBLIC_KEY_SIZE= 1184
11387 */
libcrux_ml_kem_ind_cpa_serialize_public_key_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 * t_as_ntt,Eurydice_slice seed_for_a,uint8_t ret[1184U])11388 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_79(
11389 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
11390 Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
11391 uint8_t public_key_serialized[1184U] = {0U};
11392 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
11393 public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t);
11394 uint8_t ret0[1152U];
11395 libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(t_as_ntt, ret0);
11396 Eurydice_slice_copy(
11397 uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t);
11398 Eurydice_slice_copy(
11399 Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized,
11400 (size_t)1152U, uint8_t, size_t),
11401 seed_for_a, uint8_t);
11402 memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
11403 }
11404
11405 /**
11406 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
11407 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11408 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11409 libcrux_ml_kem_variant_MlKem with const generics
11410 - K= 3
11411 - PRIVATE_KEY_SIZE= 1152
11412 - PUBLIC_KEY_SIZE= 1184
11413 - RANKED_BYTES_PER_RING_ELEMENT= 1152
11414 - ETA1= 2
11415 - ETA1_RANDOMNESS_SIZE= 128
11416 */
11417 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed)11418 libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) {
11419 uint8_t hashed[64U];
11420 libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(key_generation_seed, hashed);
11421 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
11422 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
11423 uint8_t, Eurydice_slice_uint8_t_x2);
11424 Eurydice_slice seed_for_A0 = uu____0.fst;
11425 Eurydice_slice seed_for_secret_and_error = uu____0.snd;
11426 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U];
11427 uint8_t ret[34U];
11428 libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret);
11429 libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose);
11430 uint8_t prf_input[33U];
11431 libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error,
11432 prf_input);
11433 /* Passing arrays by value in Rust generates a copy in C */
11434 uint8_t copy_of_prf_input0[33U];
11435 memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
11436 tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(
11437 copy_of_prf_input0, 0U);
11438 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
11439 memcpy(
11440 secret_as_ntt, uu____2.fst,
11441 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11442 uint8_t domain_separator = uu____2.snd;
11443 /* Passing arrays by value in Rust generates a copy in C */
11444 uint8_t copy_of_prf_input[33U];
11445 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
11446 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
11447 memcpy(
11448 error_as_ntt,
11449 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input,
11450 domain_separator)
11451 .fst,
11452 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11453 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
11454 libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt,
11455 error_as_ntt, t_as_ntt);
11456 uint8_t seed_for_A[32U];
11457 Result_00 dst;
11458 Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]);
11459 unwrap_41_83(dst, seed_for_A);
11460 uint8_t public_key_serialized[1184U];
11461 libcrux_ml_kem_ind_cpa_serialize_public_key_79(
11462 t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t),
11463 public_key_serialized);
11464 uint8_t secret_key_serialized[1152U];
11465 libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt,
11466 secret_key_serialized);
11467 /* Passing arrays by value in Rust generates a copy in C */
11468 uint8_t copy_of_secret_key_serialized[1152U];
11469 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
11470 (size_t)1152U * sizeof(uint8_t));
11471 /* Passing arrays by value in Rust generates a copy in C */
11472 uint8_t copy_of_public_key_serialized[1184U];
11473 memcpy(copy_of_public_key_serialized, public_key_serialized,
11474 (size_t)1184U * sizeof(uint8_t));
11475 libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
11476 memcpy(lit.fst, copy_of_secret_key_serialized,
11477 (size_t)1152U * sizeof(uint8_t));
11478 memcpy(lit.snd, copy_of_public_key_serialized,
11479 (size_t)1184U * sizeof(uint8_t));
11480 return lit;
11481 }
11482
11483 /**
11484 Serialize the secret key.
11485 */
11486 /**
11487 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
11488 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11489 with const generics
11490 - K= 3
11491 - SERIALIZED_KEY_LEN= 2400
11492 */
libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(Eurydice_slice private_key,Eurydice_slice public_key,Eurydice_slice implicit_rejection_value,uint8_t ret[2400U])11493 static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(
11494 Eurydice_slice private_key, Eurydice_slice public_key,
11495 Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
11496 uint8_t out[2400U] = {0U};
11497 size_t pointer = (size_t)0U;
11498 uint8_t *uu____0 = out;
11499 size_t uu____1 = pointer;
11500 size_t uu____2 = pointer;
11501 Eurydice_slice_copy(
11502 Eurydice_array_to_subslice2(
11503 uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t),
11504 uint8_t),
11505 private_key, uint8_t);
11506 pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
11507 uint8_t *uu____3 = out;
11508 size_t uu____4 = pointer;
11509 size_t uu____5 = pointer;
11510 Eurydice_slice_copy(
11511 Eurydice_array_to_subslice2(
11512 uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t),
11513 uint8_t),
11514 public_key, uint8_t);
11515 pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
11516 Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
11517 out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
11518 uint8_t ret0[32U];
11519 libcrux_ml_kem_hash_functions_portable_H_f1_1a(public_key, ret0);
11520 Eurydice_slice_copy(
11521 uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
11522 pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
11523 uint8_t *uu____7 = out;
11524 size_t uu____8 = pointer;
11525 size_t uu____9 = pointer;
11526 Eurydice_slice_copy(
11527 Eurydice_array_to_subslice2(
11528 uu____7, uu____8,
11529 uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
11530 uint8_t),
11531 implicit_rejection_value, uint8_t);
11532 memcpy(ret, out, (size_t)2400U * sizeof(uint8_t));
11533 }
11534
11535 /**
11536 Packed API
11537
11538 Generate a key pair.
11539
11540 Depending on the `Vector` and `Hasher` used, this requires different hardware
11541 features
11542 */
11543 /**
11544 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
11545 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11546 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11547 libcrux_ml_kem_variant_MlKem with const generics
11548 - K= 3
11549 - CPA_PRIVATE_KEY_SIZE= 1152
11550 - PRIVATE_KEY_SIZE= 2400
11551 - PUBLIC_KEY_SIZE= 1184
11552 - BYTES_PER_RING_ELEMENT= 1152
11553 - ETA1= 2
11554 - ETA1_RANDOMNESS_SIZE= 128
11555 */
11556 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U])11557 libcrux_ml_kem_ind_cca_generate_keypair_8c(uint8_t randomness[64U]) {
11558 Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
11559 randomness, (size_t)0U,
11560 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
11561 Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
11562 (size_t)64U, randomness,
11563 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
11564 size_t);
11565 libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
11566 libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness);
11567 uint8_t ind_cpa_private_key[1152U];
11568 memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
11569 uint8_t public_key[1184U];
11570 memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
11571 uint8_t secret_key_serialized[2400U];
11572 libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(
11573 Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
11574 Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
11575 implicit_rejection_value, secret_key_serialized);
11576 /* Passing arrays by value in Rust generates a copy in C */
11577 uint8_t copy_of_secret_key_serialized[2400U];
11578 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
11579 (size_t)2400U * sizeof(uint8_t));
11580 libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
11581 libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized);
11582 libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
11583 /* Passing arrays by value in Rust generates a copy in C */
11584 uint8_t copy_of_public_key[1184U];
11585 memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
11586 return libcrux_ml_kem_types_from_17_35(
11587 uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key));
11588 }
11589
11590 /**
11591 Portable generate key pair.
11592 */
11593 /**
11594 A monomorphic instance of
11595 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
11596 generics
11597 - K= 3
11598 - CPA_PRIVATE_KEY_SIZE= 1152
11599 - PRIVATE_KEY_SIZE= 2400
11600 - PUBLIC_KEY_SIZE= 1184
11601 - BYTES_PER_RING_ELEMENT= 1152
11602 - ETA1= 2
11603 - ETA1_RANDOMNESS_SIZE= 128
11604 */
11605 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5(uint8_t randomness[64U])11606 libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5(
11607 uint8_t randomness[64U]) {
11608 /* Passing arrays by value in Rust generates a copy in C */
11609 uint8_t copy_of_randomness[64U];
11610 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
11611 return libcrux_ml_kem_ind_cca_generate_keypair_8c(copy_of_randomness);
11612 }
11613
11614 /**
11615 Generate ML-KEM 768 Key Pair
11616 */
11617 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U])11618 libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
11619 /* Passing arrays by value in Rust generates a copy in C */
11620 uint8_t copy_of_randomness[64U];
11621 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
11622 return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d5(
11623 copy_of_randomness);
11624 }
11625
11626 /**
11627 This function found in impl {(libcrux_ml_kem::variant::Variant for
11628 libcrux_ml_kem::variant::Kyber)}
11629 */
11630 /**
11631 A monomorphic instance of libcrux_ml_kem.variant.kdf_33
11632 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11633 with const generics
11634 - K= 3
11635 - CIPHERTEXT_SIZE= 1088
11636 */
libcrux_ml_kem_variant_kdf_33_f0(Eurydice_slice shared_secret,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11637 static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f0(
11638 Eurydice_slice shared_secret,
11639 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11640 uint8_t kdf_input[64U];
11641 libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input);
11642 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
11643 (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11644 size_t);
11645 uint8_t ret0[32U];
11646 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11647 Eurydice_array_to_slice((size_t)1088U,
11648 libcrux_ml_kem_types_as_slice_d4_1d(ciphertext),
11649 uint8_t),
11650 ret0);
11651 Eurydice_slice_copy(
11652 uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
11653 uint8_t ret1[32U];
11654 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
11655 Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1);
11656 memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t));
11657 }
11658
11659 /**
11660 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
11661 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11662 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11663 libcrux_ml_kem_variant_Kyber with const generics
11664 - K= 3
11665 - SECRET_KEY_SIZE= 2400
11666 - CPA_SECRET_KEY_SIZE= 1152
11667 - PUBLIC_KEY_SIZE= 1184
11668 - CIPHERTEXT_SIZE= 1088
11669 - T_AS_NTT_ENCODED_SIZE= 1152
11670 - C1_SIZE= 960
11671 - C2_SIZE= 128
11672 - VECTOR_U_COMPRESSION_FACTOR= 10
11673 - VECTOR_V_COMPRESSION_FACTOR= 4
11674 - C1_BLOCK_SIZE= 320
11675 - ETA1= 2
11676 - ETA1_RANDOMNESS_SIZE= 128
11677 - ETA2= 2
11678 - ETA2_RANDOMNESS_SIZE= 128
11679 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
11680 */
libcrux_ml_kem_ind_cca_decapsulate_700(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11681 static inline void libcrux_ml_kem_ind_cca_decapsulate_700(
11682 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11683 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11684 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
11685 Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
11686 (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
11687 Eurydice_slice ind_cpa_secret_key = uu____0.fst;
11688 Eurydice_slice secret_key0 = uu____0.snd;
11689 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
11690 secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
11691 Eurydice_slice ind_cpa_public_key = uu____1.fst;
11692 Eurydice_slice secret_key = uu____1.snd;
11693 Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at(
11694 secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11695 Eurydice_slice_uint8_t_x2);
11696 Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
11697 Eurydice_slice implicit_rejection_value = uu____2.snd;
11698 uint8_t decrypted[32U];
11699 libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value,
11700 decrypted);
11701 uint8_t to_hash0[64U];
11702 libcrux_ml_kem_utils_into_padded_array_ea(
11703 Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
11704 Eurydice_slice_copy(
11705 Eurydice_array_to_subslice_from(
11706 (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
11707 uint8_t, size_t),
11708 ind_cpa_public_key_hash, uint8_t);
11709 uint8_t hashed[64U];
11710 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11711 Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
11712 Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
11713 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
11714 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
11715 Eurydice_slice_uint8_t_x2);
11716 Eurydice_slice shared_secret0 = uu____3.fst;
11717 Eurydice_slice pseudorandomness = uu____3.snd;
11718 uint8_t to_hash[1120U];
11719 libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash);
11720 Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
11721 (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
11722 uint8_t, size_t);
11723 Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext),
11724 uint8_t);
11725 uint8_t implicit_rejection_shared_secret0[32U];
11726 libcrux_ml_kem_hash_functions_portable_PRF_f1_ee(
11727 Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
11728 implicit_rejection_shared_secret0);
11729 Eurydice_slice uu____5 = ind_cpa_public_key;
11730 /* Passing arrays by value in Rust generates a copy in C */
11731 uint8_t copy_of_decrypted[32U];
11732 memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
11733 uint8_t expected_ciphertext[1088U];
11734 libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted,
11735 pseudorandomness, expected_ciphertext);
11736 uint8_t implicit_rejection_shared_secret[32U];
11737 libcrux_ml_kem_variant_kdf_33_f0(
11738 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
11739 uint8_t),
11740 ciphertext, implicit_rejection_shared_secret);
11741 uint8_t shared_secret[32U];
11742 libcrux_ml_kem_variant_kdf_33_f0(shared_secret0, ciphertext, shared_secret);
11743 uint8_t ret0[32U];
11744 libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
11745 libcrux_ml_kem_types_as_ref_00_24(ciphertext),
11746 Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
11747 Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
11748 Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
11749 uint8_t),
11750 ret0);
11751 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
11752 }
11753
11754 /**
11755 Portable decapsulate
11756 */
11757 /**
11758 A monomorphic instance of
11759 libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const
11760 generics
11761 - K= 3
11762 - SECRET_KEY_SIZE= 2400
11763 - CPA_SECRET_KEY_SIZE= 1152
11764 - PUBLIC_KEY_SIZE= 1184
11765 - CIPHERTEXT_SIZE= 1088
11766 - T_AS_NTT_ENCODED_SIZE= 1152
11767 - C1_SIZE= 960
11768 - C2_SIZE= 128
11769 - VECTOR_U_COMPRESSION_FACTOR= 10
11770 - VECTOR_V_COMPRESSION_FACTOR= 4
11771 - C1_BLOCK_SIZE= 320
11772 - ETA1= 2
11773 - ETA1_RANDOMNESS_SIZE= 128
11774 - ETA2= 2
11775 - ETA2_RANDOMNESS_SIZE= 128
11776 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
11777 */
11778 static inline void
libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11779 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc(
11780 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11781 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11782 libcrux_ml_kem_ind_cca_decapsulate_700(private_key, ciphertext, ret);
11783 }
11784
11785 /**
11786 Decapsulate Kyber 768
11787
11788 Generates an [`MlKemSharedSecret`].
11789 The input is a reference to an [`MlKem768PrivateKey`] and an
11790 [`MlKem768Ciphertext`].
11791 */
libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext,uint8_t ret[32U])11792 static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(
11793 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
11794 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
11795 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc(
11796 private_key, ciphertext, ret);
11797 }
11798
11799 /**
11800 This function found in impl {(libcrux_ml_kem::variant::Variant for
11801 libcrux_ml_kem::variant::Kyber)}
11802 */
11803 /**
11804 A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_33
11805 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11806 with const generics
11807 - K= 3
11808 */
libcrux_ml_kem_variant_entropy_preprocess_33_8a(Eurydice_slice randomness,uint8_t ret[32U])11809 static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_8a(
11810 Eurydice_slice randomness, uint8_t ret[32U]) {
11811 libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret);
11812 }
11813
11814 /**
11815 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
11816 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11817 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11818 libcrux_ml_kem_variant_Kyber with const generics
11819 - K= 3
11820 - CIPHERTEXT_SIZE= 1088
11821 - PUBLIC_KEY_SIZE= 1184
11822 - T_AS_NTT_ENCODED_SIZE= 1152
11823 - C1_SIZE= 960
11824 - C2_SIZE= 128
11825 - VECTOR_U_COMPRESSION_FACTOR= 10
11826 - VECTOR_V_COMPRESSION_FACTOR= 4
11827 - VECTOR_U_BLOCK_LEN= 320
11828 - ETA1= 2
11829 - ETA1_RANDOMNESS_SIZE= 128
11830 - ETA2= 2
11831 - ETA2_RANDOMNESS_SIZE= 128
11832 */
libcrux_ml_kem_ind_cca_encapsulate_cd0(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11833 static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd0(
11834 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11835 uint8_t randomness[32U]) {
11836 uint8_t randomness0[32U];
11837 libcrux_ml_kem_variant_entropy_preprocess_33_8a(
11838 Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
11839 uint8_t to_hash[64U];
11840 libcrux_ml_kem_utils_into_padded_array_ea(
11841 Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash);
11842 Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
11843 (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
11844 size_t);
11845 uint8_t ret[32U];
11846 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
11847 Eurydice_array_to_slice((size_t)1184U,
11848 libcrux_ml_kem_types_as_slice_cb_50(public_key),
11849 uint8_t),
11850 ret);
11851 Eurydice_slice_copy(
11852 uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t);
11853 uint8_t hashed[64U];
11854 libcrux_ml_kem_hash_functions_portable_G_f1_e4(
11855 Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed);
11856 Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at(
11857 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
11858 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
11859 Eurydice_slice_uint8_t_x2);
11860 Eurydice_slice shared_secret = uu____1.fst;
11861 Eurydice_slice pseudorandomness = uu____1.snd;
11862 Eurydice_slice uu____2 = Eurydice_array_to_slice(
11863 (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t);
11864 /* Passing arrays by value in Rust generates a copy in C */
11865 uint8_t copy_of_randomness[32U];
11866 memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
11867 uint8_t ciphertext[1088U];
11868 libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness,
11869 pseudorandomness, ciphertext);
11870 /* Passing arrays by value in Rust generates a copy in C */
11871 uint8_t copy_of_ciphertext[1088U];
11872 memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
11873 libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
11874 libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext);
11875 uint8_t shared_secret_array[32U];
11876 libcrux_ml_kem_variant_kdf_33_f0(shared_secret, &ciphertext0,
11877 shared_secret_array);
11878 libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
11879 /* Passing arrays by value in Rust generates a copy in C */
11880 uint8_t copy_of_shared_secret_array[32U];
11881 memcpy(copy_of_shared_secret_array, shared_secret_array,
11882 (size_t)32U * sizeof(uint8_t));
11883 tuple_3c lit;
11884 lit.fst = uu____5;
11885 memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t));
11886 return lit;
11887 }
11888
11889 /**
11890 Portable encapsulate
11891 */
11892 /**
11893 A monomorphic instance of
11894 libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const
11895 generics
11896 - K= 3
11897 - CIPHERTEXT_SIZE= 1088
11898 - PUBLIC_KEY_SIZE= 1184
11899 - T_AS_NTT_ENCODED_SIZE= 1152
11900 - C1_SIZE= 960
11901 - C2_SIZE= 128
11902 - VECTOR_U_COMPRESSION_FACTOR= 10
11903 - VECTOR_V_COMPRESSION_FACTOR= 4
11904 - VECTOR_U_BLOCK_LEN= 320
11905 - ETA1= 2
11906 - ETA1_RANDOMNESS_SIZE= 128
11907 - ETA2= 2
11908 - ETA2_RANDOMNESS_SIZE= 128
11909 */
11910 static inline tuple_3c
libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11911 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a(
11912 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11913 uint8_t randomness[32U]) {
11914 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11915 /* Passing arrays by value in Rust generates a copy in C */
11916 uint8_t copy_of_randomness[32U];
11917 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11918 return libcrux_ml_kem_ind_cca_encapsulate_cd0(uu____0, copy_of_randomness);
11919 }
11920
11921 /**
11922 Encapsulate Kyber 768
11923
11924 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
11925 The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
11926 bytes of `randomness`.
11927 */
libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key,uint8_t randomness[32U])11928 static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(
11929 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
11930 uint8_t randomness[32U]) {
11931 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
11932 /* Passing arrays by value in Rust generates a copy in C */
11933 uint8_t copy_of_randomness[32U];
11934 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
11935 return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a(
11936 uu____0, copy_of_randomness);
11937 }
11938
11939 /**
11940 This function found in impl {(libcrux_ml_kem::variant::Variant for
11941 libcrux_ml_kem::variant::Kyber)}
11942 */
11943 /**
11944 A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_33
11945 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
11946 with const generics
11947 - K= 3
11948 */
libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(Eurydice_slice key_generation_seed,uint8_t ret[64U])11949 static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(
11950 Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
11951 libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, ret);
11952 }
11953
11954 /**
11955 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
11956 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11957 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11958 libcrux_ml_kem_variant_Kyber with const generics
11959 - K= 3
11960 - PRIVATE_KEY_SIZE= 1152
11961 - PUBLIC_KEY_SIZE= 1184
11962 - RANKED_BYTES_PER_RING_ELEMENT= 1152
11963 - ETA1= 2
11964 - ETA1_RANDOMNESS_SIZE= 128
11965 */
11966 static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_generate_keypair_fc0(Eurydice_slice key_generation_seed)11967 libcrux_ml_kem_ind_cpa_generate_keypair_fc0(
11968 Eurydice_slice key_generation_seed) {
11969 uint8_t hashed[64U];
11970 libcrux_ml_kem_variant_cpa_keygen_seed_33_b6(key_generation_seed, hashed);
11971 Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
11972 Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
11973 uint8_t, Eurydice_slice_uint8_t_x2);
11974 Eurydice_slice seed_for_A0 = uu____0.fst;
11975 Eurydice_slice seed_for_secret_and_error = uu____0.snd;
11976 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U];
11977 uint8_t ret[34U];
11978 libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret);
11979 libcrux_ml_kem_matrix_sample_matrix_A_38(ret, true, A_transpose);
11980 uint8_t prf_input[33U];
11981 libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error,
11982 prf_input);
11983 /* Passing arrays by value in Rust generates a copy in C */
11984 uint8_t copy_of_prf_input0[33U];
11985 memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
11986 tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(
11987 copy_of_prf_input0, 0U);
11988 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
11989 memcpy(
11990 secret_as_ntt, uu____2.fst,
11991 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
11992 uint8_t domain_separator = uu____2.snd;
11993 /* Passing arrays by value in Rust generates a copy in C */
11994 uint8_t copy_of_prf_input[33U];
11995 memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
11996 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
11997 memcpy(
11998 error_as_ntt,
11999 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_fc(copy_of_prf_input,
12000 domain_separator)
12001 .fst,
12002 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
12003 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U];
12004 libcrux_ml_kem_matrix_compute_As_plus_e_60(A_transpose, secret_as_ntt,
12005 error_as_ntt, t_as_ntt);
12006 uint8_t seed_for_A[32U];
12007 Result_00 dst;
12008 Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]);
12009 unwrap_41_83(dst, seed_for_A);
12010 uint8_t public_key_serialized[1184U];
12011 libcrux_ml_kem_ind_cpa_serialize_public_key_79(
12012 t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t),
12013 public_key_serialized);
12014 uint8_t secret_key_serialized[1152U];
12015 libcrux_ml_kem_ind_cpa_serialize_secret_key_b5(secret_as_ntt,
12016 secret_key_serialized);
12017 /* Passing arrays by value in Rust generates a copy in C */
12018 uint8_t copy_of_secret_key_serialized[1152U];
12019 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
12020 (size_t)1152U * sizeof(uint8_t));
12021 /* Passing arrays by value in Rust generates a copy in C */
12022 uint8_t copy_of_public_key_serialized[1184U];
12023 memcpy(copy_of_public_key_serialized, public_key_serialized,
12024 (size_t)1184U * sizeof(uint8_t));
12025 libcrux_ml_kem_utils_extraction_helper_Keypair768 lit;
12026 memcpy(lit.fst, copy_of_secret_key_serialized,
12027 (size_t)1152U * sizeof(uint8_t));
12028 memcpy(lit.snd, copy_of_public_key_serialized,
12029 (size_t)1184U * sizeof(uint8_t));
12030 return lit;
12031 }
12032
12033 /**
12034 Packed API
12035
12036 Generate a key pair.
12037
12038 Depending on the `Vector` and `Hasher` used, this requires different hardware
12039 features
12040 */
12041 /**
12042 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
12043 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
12044 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
12045 libcrux_ml_kem_variant_Kyber with const generics
12046 - K= 3
12047 - CPA_PRIVATE_KEY_SIZE= 1152
12048 - PRIVATE_KEY_SIZE= 2400
12049 - PUBLIC_KEY_SIZE= 1184
12050 - BYTES_PER_RING_ELEMENT= 1152
12051 - ETA1= 2
12052 - ETA1_RANDOMNESS_SIZE= 128
12053 */
12054 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U])12055 libcrux_ml_kem_ind_cca_generate_keypair_8c0(uint8_t randomness[64U]) {
12056 Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
12057 randomness, (size_t)0U,
12058 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
12059 Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
12060 (size_t)64U, randomness,
12061 LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
12062 size_t);
12063 libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
12064 libcrux_ml_kem_ind_cpa_generate_keypair_fc0(ind_cpa_keypair_randomness);
12065 uint8_t ind_cpa_private_key[1152U];
12066 memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
12067 uint8_t public_key[1184U];
12068 memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
12069 uint8_t secret_key_serialized[2400U];
12070 libcrux_ml_kem_ind_cca_serialize_kem_secret_key_48(
12071 Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
12072 Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
12073 implicit_rejection_value, secret_key_serialized);
12074 /* Passing arrays by value in Rust generates a copy in C */
12075 uint8_t copy_of_secret_key_serialized[2400U];
12076 memcpy(copy_of_secret_key_serialized, secret_key_serialized,
12077 (size_t)2400U * sizeof(uint8_t));
12078 libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
12079 libcrux_ml_kem_types_from_05_f2(copy_of_secret_key_serialized);
12080 libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
12081 /* Passing arrays by value in Rust generates a copy in C */
12082 uint8_t copy_of_public_key[1184U];
12083 memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
12084 return libcrux_ml_kem_types_from_17_35(
12085 uu____2, libcrux_ml_kem_types_from_b6_da(copy_of_public_key));
12086 }
12087
12088 /**
12089 A monomorphic instance of
12090 libcrux_ml_kem.ind_cca.instantiations.portable.kyber_generate_keypair with const
12091 generics
12092 - K= 3
12093 - CPA_PRIVATE_KEY_SIZE= 1152
12094 - PRIVATE_KEY_SIZE= 2400
12095 - PUBLIC_KEY_SIZE= 1184
12096 - BYTES_PER_RING_ELEMENT= 1152
12097 - ETA1= 2
12098 - ETA1_RANDOMNESS_SIZE= 128
12099 */
12100 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b(uint8_t randomness[64U])12101 libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b(
12102 uint8_t randomness[64U]) {
12103 /* Passing arrays by value in Rust generates a copy in C */
12104 uint8_t copy_of_randomness[64U];
12105 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
12106 return libcrux_ml_kem_ind_cca_generate_keypair_8c0(copy_of_randomness);
12107 }
12108
12109 /**
12110 Generate Kyber 768 Key Pair
12111 */
12112 static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(uint8_t randomness[64U])12113 libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
12114 uint8_t randomness[64U]) {
12115 /* Passing arrays by value in Rust generates a copy in C */
12116 uint8_t copy_of_randomness[64U];
12117 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
12118 return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_9b(
12119 copy_of_randomness);
12120 }
12121
12122 /**
12123 Validate an ML-KEM private key.
12124
12125 This implements the Hash check in 7.3 3.
12126 Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
12127 and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
12128 */
12129 /**
12130 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
12131 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
12132 with const generics
12133 - K= 3
12134 - SECRET_KEY_SIZE= 2400
12135 - CIPHERTEXT_SIZE= 1088
12136 */
libcrux_ml_kem_ind_cca_validate_private_key_e7(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * _ciphertext)12137 static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e7(
12138 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
12139 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
12140 uint8_t t[32U];
12141 libcrux_ml_kem_hash_functions_portable_H_f1_1a(
12142 Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U,
12143 (size_t)768U * (size_t)3U + (size_t)32U,
12144 uint8_t),
12145 t);
12146 Eurydice_slice expected = Eurydice_array_to_subslice2(
12147 private_key->value, (size_t)768U * (size_t)3U + (size_t)32U,
12148 (size_t)768U * (size_t)3U + (size_t)64U, uint8_t);
12149 return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq(
12150 (size_t)32U, t, &expected, uint8_t, uint8_t, bool);
12151 }
12152
12153 /**
12154 Portable private key validation
12155 */
12156 /**
12157 A monomorphic instance of
12158 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
12159 generics
12160 - K= 3
12161 - SECRET_KEY_SIZE= 2400
12162 - CIPHERTEXT_SIZE= 1088
12163 */
12164 static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext)12165 libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c(
12166 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
12167 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
12168 return libcrux_ml_kem_ind_cca_validate_private_key_e7(private_key,
12169 ciphertext);
12170 }
12171
12172 /**
12173 Validate a private key.
12174
12175 Returns `true` if valid, and `false` otherwise.
12176 */
libcrux_ml_kem_mlkem768_portable_validate_private_key(libcrux_ml_kem_types_MlKemPrivateKey_55 * private_key,libcrux_ml_kem_mlkem768_MlKem768Ciphertext * ciphertext)12177 static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
12178 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
12179 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
12180 return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c(
12181 private_key, ciphertext);
12182 }
12183
12184 /**
12185 A monomorphic instance of
12186 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types
12187 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
12188 - PUBLIC_KEY_SIZE= 1184
12189 - K= 3
12190 */
12191 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0(size_t _i)12192 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cd0(
12193 size_t _i) {
12194 return libcrux_ml_kem_polynomial_ZERO_89_ea();
12195 }
12196
12197 /**
12198 This function deserializes ring elements and reduces the result by the field
12199 modulus.
12200
12201 This function MUST NOT be used on secret inputs.
12202 */
12203 /**
12204 A monomorphic instance of
12205 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
12206 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
12207 - PUBLIC_KEY_SIZE= 1184
12208 - K= 3
12209 */
12210 static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330(Eurydice_slice public_key,libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U])12211 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330(
12212 Eurydice_slice public_key,
12213 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
12214 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
12215 for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
12216 deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_ea();
12217 }
12218 for (size_t i = (size_t)0U;
12219 i < Eurydice_slice_len(public_key, uint8_t) /
12220 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
12221 i++) {
12222 size_t i0 = i;
12223 Eurydice_slice ring_element = Eurydice_slice_subslice2(
12224 public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
12225 i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
12226 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
12227 uint8_t);
12228 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
12229 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_4c(
12230 ring_element);
12231 deserialized_pk[i0] = uu____0;
12232 }
12233 memcpy(
12234 ret, deserialized_pk,
12235 (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
12236 }
12237
12238 /**
12239 Validate an ML-KEM public key.
12240
12241 This implements the Modulus check in 7.2 2.
12242 Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
12243 `public_key` type.
12244 */
12245 /**
12246 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
12247 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
12248 with const generics
12249 - K= 3
12250 - RANKED_BYTES_PER_RING_ELEMENT= 1152
12251 - PUBLIC_KEY_SIZE= 1184
12252 */
libcrux_ml_kem_ind_cca_validate_public_key_19(uint8_t * public_key)12253 static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19(
12254 uint8_t *public_key) {
12255 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
12256 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330(
12257 Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
12258 uint8_t, size_t),
12259 deserialized_pk);
12260 libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
12261 uint8_t public_key_serialized[1184U];
12262 libcrux_ml_kem_ind_cpa_serialize_public_key_79(
12263 uu____0,
12264 Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
12265 uint8_t, size_t),
12266 public_key_serialized);
12267 return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq(
12268 (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
12269 }
12270
12271 /**
12272 Portable public key validation
12273 */
12274 /**
12275 A monomorphic instance of
12276 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
12277 generics
12278 - K= 3
12279 - RANKED_BYTES_PER_RING_ELEMENT= 1152
12280 - PUBLIC_KEY_SIZE= 1184
12281 */
12282 static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b(uint8_t * public_key)12283 libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b(
12284 uint8_t *public_key) {
12285 return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key);
12286 }
12287
12288 /**
12289 Validate a public key.
12290
12291 Returns `true` if valid, and `false` otherwise.
12292 */
libcrux_ml_kem_mlkem768_portable_validate_public_key(libcrux_ml_kem_types_MlKemPublicKey_15 * public_key)12293 static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
12294 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
12295 return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b(
12296 public_key->value);
12297 }
12298
12299 /**
12300 This function found in impl {(core::clone::Clone for
12301 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
12302 */
12303 static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_clone_3b(libcrux_ml_kem_vector_portable_vector_type_PortableVector * self)12304 libcrux_ml_kem_vector_portable_vector_type_clone_3b(
12305 libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) {
12306 return self[0U];
12307 }
12308
12309 typedef int16_t libcrux_ml_kem_vector_portable_vector_type_FieldElement;
12310
12311 typedef int16_t
12312 libcrux_ml_kem_vector_portable_arithmetic_MontgomeryFieldElement;
12313
12314 typedef int16_t
12315 libcrux_ml_kem_vector_portable_arithmetic_FieldElementTimesMontgomeryR;
12316
12317 #if defined(__cplusplus)
12318 }
12319 #endif
12320
12321 #define __libcrux_mlkem768_portable_H_DEFINED
12322 #endif
12323
12324
12325 /* rename some types to be a bit more ergonomic */
12326 #define libcrux_mlkem768_keypair libcrux_ml_kem_mlkem768_MlKem768KeyPair_s
12327 #define libcrux_mlkem768_pk_valid_result Option_92_s
12328 #define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_15_s
12329 #define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_55_s
12330 #define libcrux_mlkem768_ciphertext libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s
12331 #define libcrux_mlkem768_enc_result tuple_3c_s
12332 /* defines for PRNG inputs */
12333 #define LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN 64
12334 #define LIBCRUX_ML_KEM_ENC_PRNG_LEN 32
12335