1 /* $OpenBSD: libcrux_mlkem768_sha3.h,v 1.4 2025/11/13 05:13:06 djm Exp $ */
2
3 /* Extracted from libcrux revision 026a87ab6d88ad3626b9fbbf3710d1e0483c1849 */
4
5 /*
6 * MIT License
7 *
8 * Copyright (c) 2024 Cryspen
9 *
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
16 *
17 * The above copyright notice and this permission notice shall be included in all
18 * copies or substantial portions of the Software.
19 *
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
23 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
26 * SOFTWARE.
27 */
28
29 #if !defined(__GNUC__) || (__GNUC__ < 2)
30 # define __attribute__(x)
31 #endif
32 #define KRML_MUSTINLINE inline
33 #define KRML_NOINLINE __attribute__((noinline, unused))
34 #define KRML_HOST_EPRINTF(...)
35 #define KRML_HOST_EXIT(x) fatal_f("internal error")
36
/*
 * Write the 64-bit value src into dst[0..7], least-significant byte first.
 * The store is done one byte at a time, so it does not depend on the host's
 * byte order or on the alignment of dst.
 */
static inline void
store64_le(uint8_t dst[8], uint64_t src)
{
	for (unsigned int i = 0; i < 8; i++) {
		/* Byte i carries bits [8*i, 8*i + 7] of src. */
		dst[i] = (uint8_t)(src >> (8 * i));
	}
}
49
/*
 * Write the 32-bit value src into dst[0..3], least-significant byte first.
 */
static inline void
store32_le(uint8_t dst[4], uint32_t src)
{
	for (unsigned int i = 0; i < 4; i++) {
		dst[i] = (uint8_t)(src >> (8 * i));
	}
}
58
/*
 * Write the 32-bit value src into dst[0..3], most-significant byte first.
 */
static inline void
store32_be(uint8_t dst[4], uint32_t src)
{
	for (unsigned int i = 0; i < 4; i++) {
		/* dst[0] takes bits 31..24, dst[3] takes bits 7..0. */
		dst[i] = (uint8_t)(src >> (24 - 8 * i));
	}
}
67
/*
 * Read a 64-bit little-endian value from src[0..7].
 * Exactly eight bytes are read; the caller must supply at least that many.
 */
static inline uint64_t
load64_le(uint8_t src[8])
{
	uint64_t value = 0;

	/* Fold from the most-significant byte (src[7]) down to src[0]. */
	for (int i = 7; i >= 0; i--) {
		value = (value << 8) | (uint64_t)src[i];
	}
	return value;
}
80
/*
 * Read a 32-bit little-endian value from src[0..3].
 * Exactly four bytes are read; the caller must supply at least that many.
 */
static inline uint32_t
load32_le(uint8_t src[4])
{
	uint32_t value = 0;

	for (int i = 3; i >= 0; i--) {
		value = (value << 8) | (uint32_t)src[i];
	}
	return value;
}
89
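#ifdef MISSING_BUILTIN_POPCOUNT
/*
 * Fallback for compilers that lack __builtin_popcount: return the number of
 * set bits in num.
 *
 * Every bit of num is counted. A two-nibble table lookup would only cover the
 * low 8 bits and under-count for callers in this file that pass wider values
 * (core_num__i32__count_ones passes an int32_t).
 *
 * The loop has a fixed trip count and uses neither a data-indexed table nor a
 * data-dependent branch, so the source has no value-dependent memory access.
 * Assumes 8-bit bytes when deriving the bit width from sizeof.
 */
static inline unsigned int
__builtin_popcount(unsigned int num)
{
	unsigned int count = 0;
	unsigned int i;

	for (i = 0; i < sizeof(num) * 8; i++) {
		count += (num >> i) & 1U;
	}
	return count;
}
#endif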
98
99 /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/eurydice_glue.h */
100 #pragma once
101
102
103 #ifdef _MSC_VER
104 // For __popcnt
105 #endif
106
107
108 // C++ HELPERS
109
110 #if defined(__cplusplus)
111
112 #ifndef KRML_HOST_EPRINTF
113 #define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__)
114 #endif
115
116
117 #ifndef __cpp_lib_type_identity
118 template <class T>
119 struct type_identity {
120 using type = T;
121 };
122
123 template <class T>
124 using type_identity_t = typename type_identity<T>::type;
125 #else
126 using std::type_identity_t;
127 #endif
128
129 #define KRML_UNION_CONSTRUCTOR(T) \
130 template <typename V> \
131 constexpr T(int t, V U::*m, type_identity_t<V> v) : tag(t) { \
132 val.*m = std::move(v); \
133 } \
134 T() = default;
135
136 #endif
137
138 // GENERAL-PURPOSE STUFF
139
140 #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e)
141
142 #define EURYDICE_ASSERT(test, msg) \
143 do { \
144 if (!(test)) { \
145 fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \
146 __FILE__, __LINE__); \
147 exit(255); \
148 } \
149 } while (0)
150
151 // SLICES, ARRAYS, ETC.
152
153 // We represent a slice as a pair of an (untyped) pointer, along with the length
154 // of the slice, i.e. the number of elements in the slice (this is NOT the
155 // number of bytes). This design choice has two important consequences.
156 // - if you need to use `ptr`, you MUST cast it to a proper type *before*
157 // performing pointer arithmetic on it (remember that C desugars pointer
158 // arithmetic based on the type of the address)
159 // - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you
160 // need to multiply it by sizeof t, where t is the type of the elements.
161 //
162 // Empty slices have `len == 0` and `ptr` always needs to be a valid pointer
163 // that is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL
164 // + start`).
165 typedef struct {
166 void *ptr;
167 size_t len;
168 } Eurydice_slice;
169
170 #if defined(__cplusplus)
171 #define KRML_CLITERAL(type) type
172 #else
173 #define KRML_CLITERAL(type) (type)
174 #endif
175
176 #if defined(__cplusplus) && defined(__cpp_designated_initializers) || \
177 !(defined(__cplusplus))
178 #define EURYDICE_CFIELD(X) X
179 #else
180 #define EURYDICE_CFIELD(X)
181 #endif
182
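// Helper macro to create a slice out of a pointer x, a start index in x
// (included), and an end index in x (excluded). The argument x must be suitably
// cast to something that can decay (see remark above about how pointer
// arithmetic works in C), meaning either pointer or array type.
//
// Every argument is parenthesised so that an expression argument such as
// `i + 1` cannot re-associate with the `+` / `-` in the expansion.
// `start` is expanded twice, so it must be free of side effects.
// No bounds are checked here: the length is `end - start` computed in the
// operands' type, so a caller passing start > end with size_t operands gets a
// wrapped (huge) length. Range validity is entirely the caller's duty.
#define EURYDICE_SLICE(x, start, end) \
  (KRML_CLITERAL(Eurydice_slice){(void *)((x) + (start)), (end) - (start)})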
189
190 // Slice length
191 #define EURYDICE_SLICE_LEN(s, _) (s).len
192 #define Eurydice_slice_len(s, _) (s).len
193
194 // This macro is a pain because in case the dereferenced element type is an
195 // array, you cannot simply write `t x` as it would yield `int[4] x` instead,
196 // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
197 // adds an extra argument to this macro at the last minute so that we have the
198 // correct type of *pointers* to elements.
199 #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
200
201 // The following functions get sub slices from a slice.
202
203 #define Eurydice_slice_subslice(s, r, t, _0, _1) \
204 EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
205
206 // Variant for when the start and end indices are statically known (i.e., the
207 // range argument `r` is a literal).
208 #define Eurydice_slice_subslice2(s, start, end, t) \
209 EURYDICE_SLICE((t *)s.ptr, (start), (end))
210
211 // Previous version above does not work when t is an array type (as usual). Will
212 // be deprecated soon.
213 #define Eurydice_slice_subslice3(s, start, end, t_ptr) \
214 EURYDICE_SLICE((t_ptr)s.ptr, (start), (end))
215
216 #define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _0, _1) \
217 EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
218
219 #define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _0, _1) \
220 EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
221
222 #define Eurydice_array_to_slice(end, x, t) \
223 EURYDICE_SLICE(x, 0, \
224 end) /* x is already at an array type, no need for cast */
225 #define Eurydice_array_to_subslice(_arraylen, x, r, t, _0, _1) \
226 EURYDICE_SLICE((t *)x, r.start, r.end)
227
228 // Same as above, variant for when start and end are statically known
229 #define Eurydice_array_to_subslice2(x, start, end, t) \
230 EURYDICE_SLICE((t *)x, (start), (end))
231
232 // Same as above, variant for when start and end are statically known
233 #define Eurydice_array_to_subslice3(x, start, end, t_ptr) \
234 EURYDICE_SLICE((t_ptr)x, (start), (end))
235
236 #define Eurydice_array_repeat(dst, len, init, t) \
237 ERROR "should've been desugared"
238
239 // The following functions convert an array into a slice.
240
241 #define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _0) \
242 EURYDICE_SLICE((t *)x, 0, r)
243 #define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _0) \
244 EURYDICE_SLICE((t *)x, r, size)
245
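// Copy dst.len elements of type t from src to dst with memcpy.
// The byte count is taken from dst alone: src.len is never consulted, so the
// caller must guarantee that src holds at least dst.len elements, otherwise
// memcpy reads past the end of src. The regions must not overlap (memcpy).
// NOTE(review): if this stands in for Rust's copy_from_slice, the Rust
// original rejects mismatched lengths; that check is absent here - confirm
// callers always pass equal lengths.
// The slice arguments are parenthesised so expression arguments expand safely.
#define Eurydice_slice_copy(dst, src, t) \
  memcpy((dst).ptr, (src).ptr, (dst).len * sizeof(t))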
249
250 #define core_array___Array_T__N___as_slice(len_, ptr_, t, _ret_t) \
251 KRML_CLITERAL(Eurydice_slice) { ptr_, len_ }
252
253 #define core_array__core__clone__Clone_for__Array_T__N___clone( \
254 len, src, dst, elem_type, _ret_t) \
255 (memcpy(dst, src, len * sizeof(elem_type)))
256 #define TryFromSliceError uint8_t
257 #define core_array_TryFromSliceError uint8_t
258
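// Equality of two arrays of sz elements of type t, via memcmp.
// memcmp is free to stop at the first differing byte, so the running time can
// depend on the data: use these macros for public values only, never for
// comparing secrets (keys, shared secrets, re-encrypted ciphertexts).
#define Eurydice_array_eq(sz, a1, a2, t) \
  (memcmp((a1), (a2), (sz) * sizeof(t)) == 0)

// core::cmp::PartialEq<&0 (@Slice<U>)> for @Array<T, N>
// Compares sz elements; (s2)->len is not consulted, so the caller must ensure
// the slice holds at least sz elements.
#define Eurydice_array_eq_slice(sz, a1, s2, t, _) \
  (memcmp((a1), (s2)->ptr, (sz) * sizeof(t)) == 0)

// Eurydice_array_eq takes four arguments; forwarding a fifth would be a
// preprocessor error at the first use of either alias below.
#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
    sz, a1, a2, t, _, _ret_t)                                                           \
  Eurydice_array_eq(sz, a1, a2, t)
#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \
    sz, a1, a2, t, _, _ret_t)                                                               \
  Eurydice_array_eq(sz, a1, ((a2)->ptr), t)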
271
272 #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
273 KRML_CLITERAL(ret_t) { \
274 EURYDICE_CFIELD(.fst =) \
275 EURYDICE_SLICE((element_type *)(slice).ptr, 0, mid), \
276 EURYDICE_CFIELD(.snd =) \
277 EURYDICE_SLICE((element_type *)(slice).ptr, mid, (slice).len) \
278 }
279
280 #define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
281 KRML_CLITERAL(ret_t) { \
282 EURYDICE_CFIELD(.fst =) \
283 KRML_CLITERAL(Eurydice_slice){EURYDICE_CFIELD(.ptr =)(slice.ptr), \
284 EURYDICE_CFIELD(.len =) mid}, \
285 EURYDICE_CFIELD(.snd =) KRML_CLITERAL(Eurydice_slice) { \
286 EURYDICE_CFIELD(.ptr =) \
287 ((char *)slice.ptr + mid * sizeof(element_type)), \
288 EURYDICE_CFIELD(.len =)(slice.len - mid) \
289 } \
290 }
291
292 // Conversion of slice to an array, rewritten (by Eurydice) to name the
293 // destination array, since arrays are not values in C.
294 // N.B.: see note in karamel/lib/Inlining.ml if you change this.
295 #define Eurydice_slice_to_array2(dst, src, _0, t_arr, _1) \
296 Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
297 sizeof(t_arr))
298
// Fill in a result as its Ok case: store tag 0 through dst_tag, then copy sz
// bytes from src.ptr into dst_ok.
// NOTE(review): src.len is never compared with sz, so this cannot produce the
// error case; a source slice shorter than sz bytes would be over-read by
// memcpy. Callers must guarantee the slice covers sz bytes.
static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
                                            Eurydice_slice src, size_t sz) {
  const void *from = src.ptr;

  *dst_tag = 0;
  memcpy(dst_ok, from, sz);
}
304
305 // SUPPORT FOR DSTs (Dynamically-Sized Types)
306
307 // A DST is a fat pointer that keeps track of the size of its flexible array
308 // member. Slices are a specific case of DSTs, where [T; N] implements
309 // Unsize<[T]>, meaning an array of statically known size can be converted to a
310 // fat pointer, i.e. a slice.
311 //
312 // Unlike slices, DSTs have a built-in definition that gets monomorphized, of
313 // the form:
314 //
315 // typedef struct {
316 // T *ptr;
317 // size_t len; // number of elements
318 // } Eurydice_dst;
319 //
320 // Furthermore, T = T0<[U0]> where `struct T0<U: ?Sized>`, where the `U` is the
321 // last field. This means that there are two monomorphizations of T0 in the
322 // program. One is `T0<[V; N]>`
323 // -- this is directly converted to a Eurydice_dst via suitable codegen (no
324 // macro). The other is `T = T0<[U]>`, where `[U]` gets emitted to
325 // `Eurydice_derefed_slice`, a type that only appears in that precise situation
326 // and is thus defined to give rise to a flexible array member.
327
328 typedef char Eurydice_derefed_slice[];
329
330 #define Eurydice_slice_of_dst(fam_ptr, len_, t, _) \
331 ((Eurydice_slice){.ptr = (void *)(fam_ptr), .len = len_})
332
333 #define Eurydice_slice_of_boxed_array(ptr_, len_, t, _) \
334 ((Eurydice_slice){.ptr = (void *)(ptr_), .len = len_})
335
336 // CORE STUFF (conversions, endianness, ...)
337
338 // We slap extern "C" on declarations that intend to implement a prototype
339 // generated by Eurydice, because Eurydice prototypes are always emitted within
340 // an extern "C" block, UNLESS you use -fcxx17-compat, in which case, you must
341 // pass -DKRML_CXX17_COMPAT="" to your C++ compiler.
342 #if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT)
343 extern "C" {
344 #endif
345
// u32::to_be_bytes: write src into dst[0..3], most-significant byte first.
// Note the argument order is (value, buffer), the reverse of store32_be.
static inline void core_num__u32__to_be_bytes(uint32_t src, uint8_t dst[4]) {
  uint8_t *out = dst;
  store32_be(out, src);
}
349
// u32::to_le_bytes: write src into dst[0..3], least-significant byte first.
// Note the argument order is (value, buffer), the reverse of store32_le.
static inline void core_num__u32__to_le_bytes(uint32_t src, uint8_t dst[4]) {
  uint8_t *out = dst;
  store32_le(out, src);
}
353
// u32::from_le_bytes: decode buf[0..3] as a little-endian 32-bit value.
static inline uint32_t core_num__u32__from_le_bytes(uint8_t buf[4]) {
  const uint32_t decoded = load32_le(buf);
  return decoded;
}
357
// u64::to_le_bytes: write v into buf[0..7], least-significant byte first.
// Note the argument order is (value, buffer), the reverse of store64_le.
static inline void core_num__u64__to_le_bytes(uint64_t v, uint8_t buf[8]) {
  uint8_t *out = buf;
  store64_le(out, v);
}
361
// u64::from_le_bytes: decode buf[0..7] as a little-endian 64-bit value.
static inline uint64_t core_num__u64__from_le_bytes(uint8_t buf[8]) {
  const uint64_t decoded = load64_le(buf);
  return decoded;
}
365
// i64::from(i32): sign-preserving widening, lossless for every input.
static inline int64_t core_convert_num___core__convert__From_i32__for_i64__from(
    int32_t x) {
  return (int64_t)x;
}
370
// u64::from(u8): zero-extending widening, lossless for every input.
static inline uint64_t core_convert_num___core__convert__From_u8__for_u64__from(
    uint8_t x) {
  return (uint64_t)x;
}
375
// u64::from(u16): zero-extending widening, lossless for every input.
static inline uint64_t
core_convert_num___core__convert__From_u16__for_u64__from(uint16_t x) {
  return (uint64_t)x;
}
380
// usize::from(u16): zero-extending conversion to size_t.
static inline size_t
core_convert_num___core__convert__From_u16__for_usize__from(uint16_t x) {
  return (size_t)x;
}
385
// u8::count_ones: number of set bits in x0 (0..8), using the compiler's
// population-count intrinsic.
static inline uint32_t core_num__u8__count_ones(uint8_t x0) {
#if defined(_MSC_VER)
  const uint32_t bits = __popcnt(x0);
#else
  const uint32_t bits = __builtin_popcount(x0);
#endif
  return bits;
}
393
// i32::count_ones: number of set bits in x0. The argument is converted to the
// intrinsic's unsigned parameter type, so a negative value is counted by its
// two's-complement bit pattern.
// NOTE(review): this needs a population count over all 32 bits; any
// replacement supplied for __builtin_popcount must not be limited to 8 bits.
static inline uint32_t core_num__i32__count_ones(int32_t x0) {
#if defined(_MSC_VER)
  const uint32_t bits = __popcnt(x0);
#else
  const uint32_t bits = __builtin_popcount(x0);
#endif
  return bits;
}
401
// Ord::min for usize: return the smaller of a and b (a when they are equal).
static inline size_t core_cmp_impls___core__cmp__Ord_for_usize__min(size_t a,
                                                                    size_t b) {
  return (a <= b) ? a : b;
}
409
410 // unsigned overflow wraparound semantics in C
// u16::wrapping_add: x + y reduced modulo 2^16. The sum is formed in a wider
// unsigned type and the conversion back to uint16_t performs the reduction.
static inline uint16_t core_num__u16__wrapping_add(uint16_t x, uint16_t y) {
  const uint32_t sum = (uint32_t)x + (uint32_t)y;
  return (uint16_t)sum;
}
// u8::wrapping_sub: x - y reduced modulo 2^8. The operands promote to int, so
// the difference may be negative; converting it to uint8_t wraps it.
static inline uint8_t core_num__u8__wrapping_sub(uint8_t x, uint8_t y) {
  const int diff = (int)x - (int)y;
  return (uint8_t)diff;
}
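// u64::rotate_left: rotate x0 left by x1 bits, with the count taken modulo 64.
//
// Both shift amounts are masked to 0..63. Without the mask a count of 0 would
// shift right by 64, and a count above 64 would shift by a negative or
// oversized amount; shifting a 64-bit value by >= 64 is undefined behaviour.
// The masked form is branch-free, so the count does not affect control flow.
static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1) {
  const uint32_t n = x1 & 63U;
  return (x0 << n) | (x0 >> ((64U - n) & 63U));
}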
420
// i32 AddAssign: *x0 += *x1. Both pointers must be valid; x1 is only read.
// NOTE(review): this is a plain signed addition, so a sum outside the int32_t
// range is undefined behaviour in C - callers must keep operands in range.
static inline void core_ops_arith__i32__add_assign(int32_t *x0, int32_t *x1) {
  const int32_t sum = *x0 + *x1;
  *x0 = sum;
}
424
// Bitwise AND of the byte that p points to with v. p must be a valid pointer.
static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) {
  const uint8_t byte = *p;
  return (uint8_t)(byte & v);
}
// Right-shift the byte that p points to by v bits. p must be a valid pointer.
// NOTE(review): v is not range-checked. The byte is promoted to int before the
// shift, so a negative v or a v at or above the width of int is undefined
// behaviour; callers must pass a small non-negative count.
static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) {
  const uint8_t byte = *p;
  return (uint8_t)(byte >> v);
}
// Return the smaller of two 32-bit unsigned values.
static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) {
  if (x < y) {
    return x;
  }
  return y;
}
434
// BitAnd<u8> for &u8: forwards to Eurydice_bitand_pv_u8, i.e. (*x0) & x1.
static inline uint8_t
core_ops_bit___core__ops__bit__BitAnd_u8__u8__for___a__u8___46__bitand(
    uint8_t *x0, uint8_t x1) {
  const uint8_t masked = Eurydice_bitand_pv_u8(x0, x1);
  return masked;
}
440
// Shr<i32> for &u8: forwards to Eurydice_shr_pv_u8, i.e. (*x0) >> x1.
// The shift count is passed through unchecked; see the helper for its limits.
static inline uint8_t
core_ops_bit___core__ops__bit__Shr_i32__u8__for___a__u8___792__shr(uint8_t *x0,
                                                                   int32_t x1) {
  const uint8_t shifted = Eurydice_shr_pv_u8(x0, x1);
  return shifted;
}
446
// NonZeroUsizeInner is represented as a plain size_t in this extraction; the
// non-zero property is not enforced by the C type.
#define core_num_nonzero_private_NonZeroUsizeInner size_t

// Clone for NonZeroUsizeInner: return a copy of the value x0 points to.
static inline core_num_nonzero_private_NonZeroUsizeInner
core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__NonZeroUsizeInner__26__clone(
    core_num_nonzero_private_NonZeroUsizeInner *x0) {
  const core_num_nonzero_private_NonZeroUsizeInner copy = *x0;
  return copy;
}
453
454 #if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT)
455 }
456 #endif
457
458 // ITERATORS
459
460 #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
461 (((iter_ptr)->start >= (iter_ptr)->end) \
462 ? (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 0, \
463 EURYDICE_CFIELD(.f0 =) 0}) \
464 : (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 1, \
465 EURYDICE_CFIELD(.f0 =)(iter_ptr)->start++}))
466
467 #define core_iter_range___core__iter__traits__iterator__Iterator_A__for_core__ops__range__Range_A__TraitClause_0___6__next \
468 Eurydice_range_iter_next
469
470 // See note in karamel/lib/Inlining.ml if you change this
471 #define Eurydice_into_iter(x, t, _ret_t, _) (x)
472 #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_Clause1_Item__I__for_I__1__into_iter \
473 Eurydice_into_iter
474
475 typedef struct {
476 Eurydice_slice slice;
477 size_t chunk_size;
478 } Eurydice_chunks;
479
// Can't use macros Eurydice_slice_subslice_{to,from} because they require a
// type, and this static inline function cannot receive a type as an argument.
// Instead, we receive the element size and use it to perform manual offset
// computations rather than going through the macros.
//
// Detach the next chunk from the front of chunks->slice and return it. The
// chunk holds min(chunk_size, remaining length) elements; the iterator's
// pointer is advanced by that many elements (element_size bytes each) and its
// length reduced accordingly. element_size must match the real element type,
// since the byte offset is computed from it with no further check.
static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks,
                                        size_t element_size) {
  size_t take = chunks->chunk_size;
  if (chunks->slice.len < take) {
    // Final, short chunk: hand out whatever is left.
    take = chunks->slice.len;
  }

  Eurydice_slice head;
  head.ptr = chunks->slice.ptr;
  head.len = take;

  chunks->slice.ptr = (char *)(chunks->slice.ptr) + take * element_size;
  chunks->slice.len -= take;
  return head;
}
496
497 #define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \
498 ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_})
499 #define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \
500 ((Eurydice_chunks){ \
501 .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \
502 .chunk_size = sz_})
503 #define core_slice_iter_Chunks Eurydice_chunks
504 #define core_slice_iter_ChunksExact Eurydice_chunks
505 #define Eurydice_chunks_next(iter, t, ret_t) \
506 (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \
507 : ((ret_t){.tag = core_option_Some, \
508 .f0 = chunk_next(iter, sizeof(t))}))
509 #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next \
510 Eurydice_chunks_next
511 // This name changed on 20240627
512 #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next \
513 Eurydice_chunks_next
514 #define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \
515 iter, t, _ret_t) \
516 core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t)
517
518 typedef struct {
519 Eurydice_slice s;
520 size_t index;
521 } Eurydice_slice_iterator;
522
523 #define core_slice___Slice_T___iter(x, t, _ret_t) \
524 ((Eurydice_slice_iterator){.s = x, .index = 0})
525 #define core_slice_iter_Iter Eurydice_slice_iterator
526 #define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \
527 ret_t) \
528 (((iter)->index == (iter)->s.len) \
529 ? (KRML_CLITERAL(ret_t){.tag = core_option_None}) \
530 : (KRML_CLITERAL(ret_t){ \
531 .tag = core_option_Some, \
532 .f0 = ((iter)->index++, \
533 &((t *)((iter)->s.ptr))[(iter)->index - 1])}))
534 #define core_option__core__option__Option_T__TraitClause_0___is_some(X, _0, \
535 _1) \
536 ((X)->tag == 1)
537 // STRINGS
538
539 typedef const char *Prims_string;
540
541 // MISC (UNTESTED)
542
543 typedef void *core_fmt_Formatter;
544 typedef void *core_fmt_Arguments;
545 typedef void *core_fmt_rt_Argument;
546 #define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \
547 x4) \
548 NULL
549
550 // BOXES
551
552 // Crimes.
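// Allocate sz bytes and initialise them with a copy of the sz bytes at init.
//
// Returns the new buffer, which the caller owns and must free(), or NULL when
// the allocation fails. The NULL check keeps memcpy from writing through a
// null pointer on out-of-memory. The Eurydice_box_new* macros in this file
// cast the result without testing it, so their users must treat a NULL box as
// an allocation failure.
// init must be readable for sz bytes. The cast on malloc is kept because this
// header is also meant to compile as C++.
static inline char *malloc_and_init(size_t sz, char *init) {
  char *ptr = (char *)malloc(sz);
  if (ptr == NULL) {
    return NULL;
  }
  memcpy(ptr, init, sz);
  return ptr;
}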
558
559 #define Eurydice_box_new(init, t, t_dst) \
560 ((t_dst)(malloc_and_init(sizeof(t), (char *)(&init))))
561
562 #define Eurydice_box_new_array(len, ptr, t, t_dst) \
563 ((t_dst)(malloc_and_init(len * sizeof(t), (char *)(ptr))))
564
565 /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem_core.h */
566 /*
567 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info@cryspen.com>
568 *
569 * SPDX-License-Identifier: MIT or Apache-2.0
570 *
571 * This code was generated with the following revisions:
572 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
573 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
574 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
575 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
576 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
577 */
578
579 #ifndef libcrux_mlkem_core_H
580 #define libcrux_mlkem_core_H
581
582
583 #if defined(__cplusplus)
584 extern "C" {
585 #endif
586
587 /**
588 A monomorphic instance of core.ops.range.Range
589 with types size_t
590
591 */
592 typedef struct core_ops_range_Range_08_s {
593 size_t start;
594 size_t end;
595 } core_ops_range_Range_08;
596
597 static inline uint16_t core_num__u16__wrapping_add(uint16_t x0, uint16_t x1);
598
599 static inline uint64_t core_num__u64__from_le_bytes(uint8_t x0[8U]);
600
601 static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1);
602
603 static inline void core_num__u64__to_le_bytes(uint64_t x0, uint8_t x1[8U]);
604
605 static inline uint32_t core_num__u8__count_ones(uint8_t x0);
606
607 static inline uint8_t core_num__u8__wrapping_sub(uint8_t x0, uint8_t x1);
608
609 #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U)
610
611 #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U)
612
613 #define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U)
614
615 #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \
616 (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U)
617
618 #define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \
619 (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)
620
621 #define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U)
622
623 #define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U)
624
625 #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U)
626
/**
 K * BITS_PER_RING_ELEMENT / 8

 Number of bytes needed to serialise `rank` ring elements. The product is
 formed before the division by 8, in size_t arithmetic.

 [eurydice] Note that we can't use const generics here because that breaks
            C extraction with eurydice.
*/
static inline size_t libcrux_ml_kem_constants_ranked_bytes_per_ring_element(
    size_t rank) {
  const size_t total_bits =
      rank * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT;
  return total_bits / (size_t)8U;
}
637
/**
 libcrux_secrets::traits::Classify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.classify_27 with type uint8_t.

 Identity function in this extraction: the argument is returned unchanged, and
 nothing at the C level marks the result as secret afterwards.
*/
static KRML_MUSTINLINE uint8_t
libcrux_secrets_int_public_integers_classify_27_90(uint8_t self) {
  return self;
}
650
/**
 libcrux_secrets::traits::Declassify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.declassify_d8 with type int16_t.

 Identity function in this extraction: the argument is returned unchanged. The
 call only records, by name, where the source treats a value as public.
*/
static KRML_MUSTINLINE int16_t
libcrux_secrets_int_public_integers_declassify_d8_39(int16_t self) {
  return self;
}
663
/**
 libcrux_secrets::int::CastOps for i16: cast to u8.

 Declassify, convert, classify. The wrappers are identity functions here, so
 the only effect is the (uint8_t) conversion, which keeps the low 8 bits.
*/
static KRML_MUSTINLINE uint8_t libcrux_secrets_int_as_u8_f5(int16_t self) {
  const int16_t raw = libcrux_secrets_int_public_integers_declassify_d8_39(self);
  return libcrux_secrets_int_public_integers_classify_27_90((uint8_t)raw);
}
671
/**
 libcrux_secrets::traits::Classify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.classify_27 with type int16_t.

 Identity function in this extraction: the argument is returned unchanged, and
 nothing at the C level marks the result as secret afterwards.
*/
static KRML_MUSTINLINE int16_t
libcrux_secrets_int_public_integers_classify_27_39(int16_t self) {
  return self;
}
684
/**
 libcrux_secrets::traits::Declassify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.declassify_d8 with type uint8_t.

 Identity function in this extraction: the argument is returned unchanged.
*/
static KRML_MUSTINLINE uint8_t
libcrux_secrets_int_public_integers_declassify_d8_90(uint8_t self) {
  return self;
}
697
/**
 libcrux_secrets::int::CastOps for u8: cast to i16.

 Declassify, convert, classify. Every uint8_t value fits in int16_t, so the
 conversion is lossless.
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_59(uint8_t self) {
  const uint8_t raw = libcrux_secrets_int_public_integers_declassify_d8_90(self);
  return libcrux_secrets_int_public_integers_classify_27_39((int16_t)raw);
}
705
/**
 libcrux_secrets::traits::Classify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.classify_27 with type int32_t.

 Identity function in this extraction: the argument is returned unchanged, and
 nothing at the C level marks the result as secret afterwards.
*/
static KRML_MUSTINLINE int32_t
libcrux_secrets_int_public_integers_classify_27_a8(int32_t self) {
  return self;
}
718
/**
 libcrux_secrets::int::CastOps for i16: cast to i32.

 Declassify, convert, classify. The widening is sign-preserving and lossless.
*/
static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_f5(int16_t self) {
  const int16_t raw = libcrux_secrets_int_public_integers_declassify_d8_39(self);
  return libcrux_secrets_int_public_integers_classify_27_a8((int32_t)raw);
}
726
/**
 libcrux_secrets::traits::Declassify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.declassify_d8 with type int32_t.

 Identity function in this extraction: the argument is returned unchanged.
*/
static KRML_MUSTINLINE int32_t
libcrux_secrets_int_public_integers_declassify_d8_a8(int32_t self) {
  return self;
}
739
/**
 libcrux_secrets::int::CastOps for i32: cast to i16.

 Declassify, convert, classify. This is a narrowing signed conversion: for a
 value outside the int16_t range the result is implementation-defined in C
 (the usual compilers keep the low 16 bits).
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_36(int32_t self) {
  const int32_t raw = libcrux_secrets_int_public_integers_declassify_d8_a8(self);
  return libcrux_secrets_int_public_integers_classify_27_39((int16_t)raw);
}
747
/**
 libcrux_secrets::traits::Declassify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.declassify_d8 with type uint32_t.

 Identity function in this extraction: the argument is returned unchanged.
*/
static KRML_MUSTINLINE uint32_t
libcrux_secrets_int_public_integers_declassify_d8_df(uint32_t self) {
  return self;
}
760
/**
 libcrux_secrets::int::CastOps for u32: cast to i32.

 Declassify, convert, classify. For a value above INT32_MAX the
 unsigned-to-signed conversion is implementation-defined in C (the usual
 compilers reinterpret the bit pattern).
*/
static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_b8(uint32_t self) {
  const uint32_t raw =
      libcrux_secrets_int_public_integers_declassify_d8_df(self);
  return libcrux_secrets_int_public_integers_classify_27_a8((int32_t)raw);
}
768
/**
 libcrux_secrets::traits::Classify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.classify_27 with type uint16_t.

 Identity function in this extraction: the argument is returned unchanged, and
 nothing at the C level marks the result as secret afterwards.
*/
static KRML_MUSTINLINE uint16_t
libcrux_secrets_int_public_integers_classify_27_de(uint16_t self) {
  return self;
}
781
/**
 libcrux_secrets::int::CastOps for i16: cast to u16.

 Declassify, convert, classify. The signed-to-unsigned conversion is modular,
 so a negative input maps to its value plus 65536.
*/
static KRML_MUSTINLINE uint16_t libcrux_secrets_int_as_u16_f5(int16_t self) {
  const int16_t raw = libcrux_secrets_int_public_integers_declassify_d8_39(self);
  return libcrux_secrets_int_public_integers_classify_27_de((uint16_t)raw);
}
789
/**
 libcrux_secrets::traits::Declassify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.declassify_d8 with type uint16_t.

 Identity function in this extraction: the argument is returned unchanged.
*/
static KRML_MUSTINLINE uint16_t
libcrux_secrets_int_public_integers_declassify_d8_de(uint16_t self) {
  return self;
}
802
/**
 libcrux_secrets::int::CastOps for u16: cast to i16.

 Declassify, convert, classify. For a value above INT16_MAX the
 unsigned-to-signed conversion is implementation-defined in C (the usual
 compilers reinterpret the bit pattern).
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_ca(uint16_t self) {
  const uint16_t raw =
      libcrux_secrets_int_public_integers_declassify_d8_de(self);
  return libcrux_secrets_int_public_integers_classify_27_39((int16_t)raw);
}
810
/**
 libcrux_secrets::traits::Classify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.classify_27 with type uint64_t.

 Identity function in this extraction: the argument is returned unchanged, and
 nothing at the C level marks the result as secret afterwards.
*/
static KRML_MUSTINLINE uint64_t
libcrux_secrets_int_public_integers_classify_27_49(uint64_t self) {
  return self;
}
823
/**
 libcrux_secrets::int::CastOps for u16: cast to u64.

 Declassify, convert, classify. The widening is zero-extending and lossless.
*/
static KRML_MUSTINLINE uint64_t libcrux_secrets_int_as_u64_ca(uint16_t self) {
  const uint16_t raw =
      libcrux_secrets_int_public_integers_declassify_d8_de(self);
  return libcrux_secrets_int_public_integers_classify_27_49((uint64_t)raw);
}
831
/**
 libcrux_secrets::traits::Classify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.classify_27 with type uint32_t.

 Identity function in this extraction: the argument is returned unchanged, and
 nothing at the C level marks the result as secret afterwards.
*/
static KRML_MUSTINLINE uint32_t
libcrux_secrets_int_public_integers_classify_27_df(uint32_t self) {
  return self;
}
844
/**
 libcrux_secrets::traits::Declassify<T> for T, monomorphic instance of
 libcrux_secrets.int.public_integers.declassify_d8 with type uint64_t.

 Identity function in this extraction: the argument is returned unchanged.
*/
static KRML_MUSTINLINE uint64_t
libcrux_secrets_int_public_integers_declassify_d8_49(uint64_t self) {
  return self;
}
857
/**
 CastOps for u64 (libcrux_secrets::int): narrow a `uint64_t` to `uint32_t`.

 The value is declassified, cast (which keeps the low 32 bits), and
 classified again.
*/
static KRML_MUSTINLINE uint32_t libcrux_secrets_int_as_u32_a3(uint64_t self) {
  const uint32_t low_bits =
      (uint32_t)libcrux_secrets_int_public_integers_declassify_d8_49(self);
  return libcrux_secrets_int_public_integers_classify_27_df(low_bits);
}
865
/**
 CastOps for u32 (libcrux_secrets::int): convert a `uint32_t` to `int16_t`.

 The value is declassified, cast, and classified again. Inputs that do not
 fit in int16_t go through C's implementation-defined narrowing conversion.
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_b8(uint32_t self) {
  const int16_t narrowed =
      (int16_t)libcrux_secrets_int_public_integers_declassify_d8_df(self);
  return libcrux_secrets_int_public_integers_classify_27_39(narrowed);
}
873
/**
 CastOps for i16 (libcrux_secrets::int): i16-to-i16 "cast".

 No conversion happens here; the value is only passed through the
 declassify and classify helpers.
*/
static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_f5(int16_t self) {
  const int16_t passthrough =
      libcrux_secrets_int_public_integers_declassify_d8_39(self);
  return libcrux_secrets_int_public_integers_classify_27_39(passthrough);
}
881
/*
 Pair of fixed-size byte arrays returned by value.
 NOTE(review): the sizes match the CPA_SECRET_KEY_SIZE (1152) and
 PUBLIC_KEY_SIZE (1184) generics of
 libcrux_ml_kem_types_unpack_private_key_b4 in this file, so `fst` is
 presumably the IND-CPA secret key and `snd` the public key; confirm at the
 producer. If so, every by-value copy of this struct duplicates secret bytes.
*/
typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s {
  uint8_t fst[1152U];
  uint8_t snd[1184U];
} libcrux_ml_kem_utils_extraction_helper_Keypair768;
886
/*
 Discriminant values stored in the `tag` field of the Result_* structs in
 this file. NOTE(review): `Ok` and `Err` are unprefixed macro names, so any
 other header using these identifiers after this point will be rewritten by
 the preprocessor.
*/
#define Ok 0
#define Err 1

/* Storage type of a Result's `tag` field. */
typedef uint8_t Result_b2_tags;
891
/**
A monomorphic instance of core.result.Result
with types uint8_t[24size_t], core_array_TryFromSliceError

`tag` selects which member of `val` is meaningful: `case_Ok` when it equals
Ok, `case_Err` otherwise. Nothing enforces this; readers must test `tag`
first (see unwrap_26_70).
*/
typedef struct Result_b2_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[24U];
    TryFromSliceError case_Err;
  } val;
} Result_b2;
904
/**
 core.result.unwrap_26 for Result<uint8_t[24], core_array_TryFromSliceError>.

 Copies the 24-byte Ok payload of `self` into `ret`. Any other tag takes the
 abort path: KRML_HOST_EXIT is defined at the top of this file as
 fatal_f("internal error"), and KRML_HOST_EPRINTF expands to nothing, so the
 "unwrap not Ok" text is not emitted in this build.
*/
static inline void unwrap_26_70(Result_b2 self, uint8_t ret[24U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload can go straight to `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}
925
/**
A monomorphic instance of core.result.Result
with types uint8_t[20size_t], core_array_TryFromSliceError

`tag` selects which member of `val` is meaningful: `case_Ok` when it equals
Ok, `case_Err` otherwise. Readers must test `tag` first (see unwrap_26_20).
*/
typedef struct Result_e1_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[20U];
    TryFromSliceError case_Err;
  } val;
} Result_e1;
938
/**
 core.result.unwrap_26 for Result<uint8_t[20], core_array_TryFromSliceError>.

 Copies the 20-byte Ok payload of `self` into `ret`. Any other tag takes the
 abort path: KRML_HOST_EXIT is defined at the top of this file as
 fatal_f("internal error"), and KRML_HOST_EPRINTF expands to nothing.
*/
static inline void unwrap_26_20(Result_e1 self, uint8_t ret[20U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload can go straight to `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}
959
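/**
 Pad the `slice` with `0`s at the end.

 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with
 LEN = 32: `ret` receives the bytes of `slice` followed by zeros up to 32
 bytes.

 Precondition: `slice` holds at most 32 bytes. Nothing visible in this
 function bounds the copy by the destination size, so a longer slice is
 rejected up front through the same abort path the unwrap helpers use,
 rather than being copied into the 32-byte stack buffer.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_9e(
    Eurydice_slice slice, uint8_t ret[32U]) {
  size_t len = Eurydice_slice_len(slice, uint8_t);
  if (len > (size_t)32U) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "into_padded_array: slice longer than LEN");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* Zero-initialised so the tail past `len` is the padding. */
  uint8_t out[32U] = {0U};
  uint8_t *uu____0 = out;
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(uu____0, (size_t)0U, len, uint8_t *), slice,
      uint8_t);
  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
}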
978
/**
A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey
with const generics
- $2400size_t

Plain 2400-byte container for private-key bytes. It is passed and returned
by value in this file, which copies the key material each time.
NOTE(review): no helper visible here wipes those copies; confirm that
callers zeroise them.
*/
typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s {
  uint8_t value[2400U];
} libcrux_ml_kem_types_MlKemPrivateKey_d9;
987
/**
 core::default::Default for libcrux_ml_kem::types::MlKemPrivateKey<SIZE>,
 monomorphised from libcrux_ml_kem.types.default_d3 with SIZE = 2400.

 Returns a private-key container whose 2400 bytes are all zero.
*/
static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_types_default_d3_28(void) {
  libcrux_ml_kem_types_MlKemPrivateKey_d9 zeroed;
  memset(zeroed.value, 0, sizeof zeroed.value);
  return zeroed;
}
1002
/**
A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey
with const generics
- $1184size_t

Plain 1184-byte container for public-key bytes; the struct itself carries
no validity information about its contents.
*/
typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s {
  uint8_t value[1184U];
} libcrux_ml_kem_types_MlKemPublicKey_30;
1011
/**
 core::convert::From<[u8; SIZE]> for MlKemPublicKey<SIZE>, monomorphised
 from libcrux_ml_kem.types.from_fd with SIZE = 1184.

 Wraps the 1184 bytes at `value` in a public-key struct. The bytes are
 copied; the result does not alias `value`. No validation is performed.
*/
static inline libcrux_ml_kem_types_MlKemPublicKey_30
libcrux_ml_kem_types_from_fd_d0(uint8_t value[1184U]) {
  libcrux_ml_kem_types_MlKemPublicKey_30 wrapped;
  memcpy(wrapped.value, value, sizeof wrapped.value);
  return wrapped;
}
1030
/*
 ML-KEM-768 key pair: the 2400-byte private key followed by the 1184-byte
 public key, both stored inline. Copying this struct copies the private key.
*/
typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s {
  libcrux_ml_kem_types_MlKemPrivateKey_d9 sk;
  libcrux_ml_kem_types_MlKemPublicKey_30 pk;
} libcrux_ml_kem_mlkem768_MlKem768KeyPair;
1035
/**
 MlKemKeyPair<PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE>::from, monomorphised from
 libcrux_ml_kem.types.from_17 with PRIVATE_KEY_SIZE = 2400 and
 PUBLIC_KEY_SIZE = 1184.

 Bundles `sk` and `pk` into one key-pair struct. Both arguments arrive by
 value, so the private key exists in the caller's object, in the parameter,
 and in the returned struct.
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_types_from_17_74(libcrux_ml_kem_types_MlKemPrivateKey_d9 sk,
                                libcrux_ml_kem_types_MlKemPublicKey_30 pk) {
  libcrux_ml_kem_mlkem768_MlKem768KeyPair pair;
  pair.sk = sk;
  pair.pk = pk;
  return pair;
}
1052
/**
 core::convert::From<[u8; SIZE]> for MlKemPrivateKey<SIZE>, monomorphised
 from libcrux_ml_kem.types.from_77 with SIZE = 2400.

 Wraps the 2400 bytes at `value` in a private-key struct. The bytes are
 copied; the result does not alias `value`, and the caller's buffer is left
 as it was (not wiped).
*/
static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_types_from_77_28(uint8_t value[2400U]) {
  libcrux_ml_kem_types_MlKemPrivateKey_d9 wrapped;
  memcpy(wrapped.value, value, sizeof wrapped.value);
  return wrapped;
}
1071
/**
A monomorphic instance of core.result.Result
with types uint8_t[32size_t], core_array_TryFromSliceError

`tag` selects which member of `val` is meaningful: `case_Ok` when it equals
Ok, `case_Err` otherwise. Readers must test `tag` first (see unwrap_26_b3).
*/
typedef struct Result_fb_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[32U];
    TryFromSliceError case_Err;
  } val;
} Result_fb;
1084
/**
 core.result.unwrap_26 for Result<uint8_t[32], core_array_TryFromSliceError>.

 Copies the 32-byte Ok payload of `self` into `ret`. Any other tag takes the
 abort path: KRML_HOST_EXIT is defined at the top of this file as
 fatal_f("internal error"), and KRML_HOST_EPRINTF expands to nothing.
*/
static inline void unwrap_26_b3(Result_fb self, uint8_t ret[32U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload can go straight to `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}
1105
/*
 Plain 1088-byte container for an ML-KEM-768 ciphertext; the struct carries
 no validity information about its contents.
*/
typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s {
  uint8_t value[1088U];
} libcrux_ml_kem_mlkem768_MlKem768Ciphertext;
1109
/**
A monomorphic instance of K.
with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],
uint8_t[32size_t]

Two-element tuple: a ciphertext and a 32-byte array.
NOTE(review): `snd` is presumably the shared secret produced together with
the ciphertext, given that 32 is also the shared-secret width used by the
constant-time select helpers in this file; confirm at the producer.
*/
typedef struct tuple_c2_s {
  libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst;
  uint8_t snd[32U];
} tuple_c2;
1120
/**
 core::convert::From<[u8; SIZE]> for MlKemCiphertext<SIZE>, monomorphised
 from libcrux_ml_kem.types.from_e0 with SIZE = 1088.

 Wraps the 1088 bytes at `value` in a ciphertext struct. The bytes are
 copied; the result does not alias `value`. No validation is performed.
*/
static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
libcrux_ml_kem_types_from_e0_80(uint8_t value[1088U]) {
  libcrux_ml_kem_mlkem768_MlKem768Ciphertext wrapped;
  memcpy(wrapped.value, value, sizeof wrapped.value);
  return wrapped;
}
1139
/**
 MlKemPublicKey<SIZE>::as_slice, monomorphised from
 libcrux_ml_kem.types.as_slice_e6 with SIZE = 1184.

 Returns a pointer to the first of the 1184 key bytes inside `self`. The
 pointer aliases `self` and carries no length; `self` must not be NULL.
*/
static inline uint8_t *libcrux_ml_kem_types_as_slice_e6_d0(
    libcrux_ml_kem_types_MlKemPublicKey_30 *self) {
  return &self->value[0];
}
1152
/**
 MlKemCiphertext<SIZE>::as_slice, monomorphised from
 libcrux_ml_kem.types.as_slice_a9 with SIZE = 1088.

 Returns a pointer to the first of the 1088 ciphertext bytes inside `self`.
 The pointer aliases `self` and carries no length; `self` must not be NULL.
*/
static inline uint8_t *libcrux_ml_kem_types_as_slice_a9_80(
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
  return &self->value[0];
}
1165
/**
 A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc with K = 3.

 Writes `domain_separator`, `domain_separator + 1` and
 `domain_separator + 2` into the last byte (index 32) of the three 33-byte
 inputs, in order, and returns the next unused separator. The counter is a
 single byte, so it wraps modulo 256.
*/
static KRML_MUSTINLINE uint8_t libcrux_ml_kem_utils_prf_input_inc_e0(
    uint8_t (*prf_inputs)[33U], uint8_t domain_separator) {
  size_t row = (size_t)0U;
  while (row < (size_t)3U) {
    prf_inputs[row][32U] = domain_separator;
    domain_separator = (uint8_t)((uint32_t)domain_separator + 1U);
    row++;
  }
  return domain_separator;
}
1180
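/**
 Pad the `slice` with `0`s at the end.

 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with
 LEN = 33: `ret` receives the bytes of `slice` followed by zeros up to 33
 bytes.

 Precondition: `slice` holds at most 33 bytes. Nothing visible in this
 function bounds the copy by the destination size, so a longer slice is
 rejected up front through the same abort path the unwrap helpers use,
 rather than being copied into the 33-byte stack buffer.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_c8(
    Eurydice_slice slice, uint8_t ret[33U]) {
  size_t len = Eurydice_slice_len(slice, uint8_t);
  if (len > (size_t)33U) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "into_padded_array: slice longer than LEN");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* Zero-initialised so the tail past `len` is the padding. */
  uint8_t out[33U] = {0U};
  uint8_t *uu____0 = out;
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(uu____0, (size_t)0U, len, uint8_t *), slice,
      uint8_t);
  memcpy(ret, out, (size_t)33U * sizeof(uint8_t));
}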
1199
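/**
 Pad the `slice` with `0`s at the end.

 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with
 LEN = 34: `ret` receives the bytes of `slice` followed by zeros up to 34
 bytes.

 Precondition: `slice` holds at most 34 bytes. Nothing visible in this
 function bounds the copy by the destination size, so a longer slice is
 rejected up front through the same abort path the unwrap helpers use,
 rather than being copied into the 34-byte stack buffer.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_b6(
    Eurydice_slice slice, uint8_t ret[34U]) {
  size_t len = Eurydice_slice_len(slice, uint8_t);
  if (len > (size_t)34U) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "into_padded_array: slice longer than LEN");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* Zero-initialised so the tail past `len` is the padding. */
  uint8_t out[34U] = {0U};
  uint8_t *uu____0 = out;
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(uu____0, (size_t)0U, len, uint8_t *), slice,
      uint8_t);
  memcpy(ret, out, (size_t)34U * sizeof(uint8_t));
}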
1218
/**
 core::convert::AsRef<[u8]> for MlKemCiphertext<SIZE>, monomorphised from
 libcrux_ml_kem.types.as_ref_d3 with SIZE = 1088.

 Returns a slice built over the 1088 ciphertext bytes stored in `self`. The
 slice refers to `self`'s storage, so it is only usable while `self` is.
*/
static inline Eurydice_slice libcrux_ml_kem_types_as_ref_d3_80(
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
  Eurydice_slice view =
      Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
  return view;
}
1232
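/**
 Pad the `slice` with `0`s at the end.

 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with
 LEN = 1120: `ret` receives the bytes of `slice` followed by zeros up to
 1120 bytes.

 Precondition: `slice` holds at most 1120 bytes. Nothing visible in this
 function bounds the copy by the destination size, so a longer slice is
 rejected up front through the same abort path the unwrap helpers use,
 rather than being copied into the 1120-byte stack buffer.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_15(
    Eurydice_slice slice, uint8_t ret[1120U]) {
  size_t len = Eurydice_slice_len(slice, uint8_t);
  if (len > (size_t)1120U) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "into_padded_array: slice longer than LEN");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* Zero-initialised so the tail past `len` is the padding. */
  uint8_t out[1120U] = {0U};
  uint8_t *uu____0 = out;
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(uu____0, (size_t)0U, len, uint8_t *), slice,
      uint8_t);
  memcpy(ret, out, (size_t)1120U * sizeof(uint8_t));
}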
1251
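/**
 Pad the `slice` with `0`s at the end.

 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with
 LEN = 64: `ret` receives the bytes of `slice` followed by zeros up to 64
 bytes.

 Precondition: `slice` holds at most 64 bytes. Nothing visible in this
 function bounds the copy by the destination size, so a longer slice is
 rejected up front through the same abort path the unwrap helpers use,
 rather than being copied into the 64-byte stack buffer.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_24(
    Eurydice_slice slice, uint8_t ret[64U]) {
  size_t len = Eurydice_slice_len(slice, uint8_t);
  if (len > (size_t)64U) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "into_padded_array: slice longer than LEN");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* Zero-initialised so the tail past `len` is the padding. */
  uint8_t out[64U] = {0U};
  uint8_t *uu____0 = out;
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(uu____0, (size_t)0U, len, uint8_t *), slice,
      uint8_t);
  memcpy(ret, out, (size_t)64U * sizeof(uint8_t));
}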
1270
/*
 Four byte slices returned together. As filled in by
 libcrux_ml_kem_types_unpack_private_key_b4: fst = IND-CPA secret key,
 snd = IND-CPA public key, thd = public-key hash, f3 = implicit rejection
 value. The slices are views, not copies.
*/
typedef struct Eurydice_slice_uint8_t_x4_s {
  Eurydice_slice fst;
  Eurydice_slice snd;
  Eurydice_slice thd;
  Eurydice_slice f3;
} Eurydice_slice_uint8_t_x4;
1277
/*
 Two byte slices returned together; used in this file as the result type of
 Eurydice_slice_split_at (fst = part before the split point, snd = the rest,
 going by how unpack_private_key_b4 consumes it).
*/
typedef struct Eurydice_slice_uint8_t_x2_s {
  Eurydice_slice fst;
  Eurydice_slice snd;
} Eurydice_slice_uint8_t_x2;
1282
/**
 Unpack an incoming private key into its different parts.

 We have this here in types to extract into a common core for C.

 A monomorphic instance of libcrux_ml_kem.types.unpack_private_key with
 CPA_SECRET_KEY_SIZE = 1152 and PUBLIC_KEY_SIZE = 1184.

 Layout consumed, front to back: 1152 bytes IND-CPA secret key, 1184 bytes
 IND-CPA public key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE bytes public-key
 hash, and whatever remains as the implicit rejection value. The returned
 slices are views into `private_key`, not copies.

 NOTE(review): the length of `private_key` is not checked here; the split
 points are applied as given, so the caller has to guarantee the input is a
 full-size key.
*/
static inline Eurydice_slice_uint8_t_x4
libcrux_ml_kem_types_unpack_private_key_b4(Eurydice_slice private_key) {
  /* Peel off the IND-CPA secret key. */
  Eurydice_slice_uint8_t_x2 first_cut = Eurydice_slice_split_at(
      private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
  Eurydice_slice cpa_secret = first_cut.fst;
  Eurydice_slice after_cpa_secret = first_cut.snd;

  /* Peel off the IND-CPA public key. */
  Eurydice_slice_uint8_t_x2 second_cut = Eurydice_slice_split_at(
      after_cpa_secret, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2);
  Eurydice_slice cpa_public = second_cut.fst;
  Eurydice_slice after_cpa_public = second_cut.snd;

  /* Peel off the public-key hash; the tail is the rejection value. */
  Eurydice_slice_uint8_t_x2 third_cut = Eurydice_slice_split_at(
      after_cpa_public, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice public_key_hash = third_cut.fst;
  Eurydice_slice rejection_value = third_cut.snd;

  Eurydice_slice_uint8_t_x4 parts;
  parts.fst = cpa_secret;
  parts.snd = cpa_public;
  parts.thd = public_key_hash;
  parts.f3 = rejection_value;
  return parts;
}
1315
/**
 Declassify<T> for T (libcrux_secrets::traits), monomorphised from
 libcrux_secrets.int.public_integers.declassify_d8 for uint8_t[24].

 In this C extraction this is a plain 24-byte copy from `self` to `ret`.
 The buffers must not overlap (memcpy).
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_d2(uint8_t self[24U],
                                                     uint8_t ret[24U]) {
  const size_t n_bytes = (size_t)24U * sizeof(uint8_t);
  memcpy(ret, self, n_bytes);
}
1329
/**
 Declassify<T> for T (libcrux_secrets::traits), monomorphised from
 libcrux_secrets.int.public_integers.declassify_d8 for uint8_t[20].

 In this C extraction this is a plain 20-byte copy from `self` to `ret`.
 The buffers must not overlap (memcpy).
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_57(uint8_t self[20U],
                                                     uint8_t ret[20U]) {
  const size_t n_bytes = (size_t)20U * sizeof(uint8_t);
  memcpy(ret, self, n_bytes);
}
1343
/**
 Declassify<T> for T (libcrux_secrets::traits), monomorphised from
 libcrux_secrets.int.public_integers.declassify_d8 for uint8_t[8].

 In this C extraction this is a plain 8-byte copy from `self` to `ret`.
 The buffers must not overlap (memcpy).
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_76(uint8_t self[8U],
                                                     uint8_t ret[8U]) {
  const size_t n_bytes = (size_t)8U * sizeof(uint8_t);
  memcpy(ret, self, n_bytes);
}
1357
/**
 Declassify<T> for T (libcrux_secrets::traits), monomorphised from
 libcrux_secrets.int.public_integers.declassify_d8 for uint8_t[2].

 In this C extraction this is a plain 2-byte copy from `self` to `ret`.
 The buffers must not overlap (memcpy).
*/
static KRML_MUSTINLINE void
libcrux_secrets_int_public_integers_declassify_d8_d4(uint8_t self[2U],
                                                     uint8_t ret[2U]) {
  const size_t n_bytes = (size_t)2U * sizeof(uint8_t);
  memcpy(ret, self, n_bytes);
}
1371
/**
 Classify<T> for T (libcrux_secrets::traits), monomorphised from
 libcrux_secrets.int.public_integers.classify_27 for int16_t[16].

 In this C extraction this is a plain copy of 16 int16_t values from `self`
 to `ret`. The buffers must not overlap (memcpy).
*/
static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_classify_27_46(
    int16_t self[16U], int16_t ret[16U]) {
  const size_t n_bytes = (size_t)16U * sizeof(int16_t);
  memcpy(ret, self, n_bytes);
}
1384
/**
 ClassifyRef<&[T]> for &[T] (libcrux_secrets::traits), monomorphised from
 libcrux_secrets.int.classify_public.classify_ref_9b for uint8_t.

 Identity in this C extraction: the same slice is returned, still referring
 to the caller's storage.
*/
static KRML_MUSTINLINE Eurydice_slice
libcrux_secrets_int_classify_public_classify_ref_9b_90(Eurydice_slice self) {
  Eurydice_slice same_view = self;
  return same_view;
}
1398
/**
 ClassifyRef<&[T]> for &[T] (libcrux_secrets::traits), monomorphised from
 libcrux_secrets.int.classify_public.classify_ref_9b for int16_t.

 Identity in this C extraction: the same slice is returned, still referring
 to the caller's storage.
*/
static KRML_MUSTINLINE Eurydice_slice
libcrux_secrets_int_classify_public_classify_ref_9b_39(Eurydice_slice self) {
  Eurydice_slice same_view = self;
  return same_view;
}
1412
/**
A monomorphic instance of core.result.Result
with types int16_t[16size_t], core_array_TryFromSliceError

`tag` selects which member of `val` is meaningful: `case_Ok` when it equals
Ok, `case_Err` otherwise. Readers must test `tag` first (see unwrap_26_00).
*/
typedef struct Result_0a_s {
  Result_b2_tags tag;
  union {
    int16_t case_Ok[16U];
    TryFromSliceError case_Err;
  } val;
} Result_0a;
1425
/**
 core.result.unwrap_26 for Result<int16_t[16], core_array_TryFromSliceError>.

 Copies the 16-element Ok payload of `self` into `ret`. Any other tag takes
 the abort path: KRML_HOST_EXIT is defined at the top of this file as
 fatal_f("internal error"), and KRML_HOST_EPRINTF expands to nothing.
*/
static inline void unwrap_26_00(Result_0a self, int16_t ret[16U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload can go straight to `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}
1446
/**
A monomorphic instance of core.result.Result
with types uint8_t[8size_t], core_array_TryFromSliceError

`tag` selects which member of `val` is meaningful: `case_Ok` when it equals
Ok, `case_Err` otherwise. Readers must test `tag` first (see unwrap_26_68).
*/
typedef struct Result_15_s {
  Result_b2_tags tag;
  union {
    uint8_t case_Ok[8U];
    TryFromSliceError case_Err;
  } val;
} Result_15;
1459
/**
 core.result.unwrap_26 for Result<uint8_t[8], core_array_TryFromSliceError>.

 Copies the 8-byte Ok payload of `self` into `ret`. Any other tag takes the
 abort path: KRML_HOST_EXIT is defined at the top of this file as
 fatal_f("internal error"), and KRML_HOST_EPRINTF expands to nothing.
*/
static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) {
  if (self.tag != Ok) {
    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                      "unwrap not Ok");
    KRML_HOST_EXIT(255U);
    return;
  }
  /* `self` is a by-value copy, so the payload can go straight to `ret`. */
  memcpy(ret, self.val.case_Ok, sizeof self.val.case_Ok);
}
1480
1481 #if defined(__cplusplus)
1482 }
1483 #endif
1484
1485 #define libcrux_mlkem_core_H_DEFINED
1486 #endif /* libcrux_mlkem_core_H */
1487
1488 /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_ct_ops.h */
1489 /*
1490 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info@cryspen.com>
1491 *
1492 * SPDX-License-Identifier: MIT or Apache-2.0
1493 *
1494 * This code was generated with the following revisions:
1495 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
1496 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
1497 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
1498 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
1499 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
1500 */
1501
1502 #ifndef libcrux_ct_ops_H
1503 #define libcrux_ct_ops_H
1504
1505
1506 #if defined(__cplusplus)
1507 extern "C" {
1508 #endif
1509
1510
/**
Return 1 if `value` is not zero and 0 otherwise.

The result is derived from arithmetic on `value` alone; this function
contains no comparison and no conditional. KRML_NOINLINE is defined at the
top of this file as a noinline attribute, which that same preamble turns
into nothing on compilers that are not GCC-compatible.
*/
static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_inz(uint8_t value) {
  /* Widen to 16 bits so the negation below has bits above the low byte. */
  uint16_t value0 = (uint16_t)value;
  /* ~value0 + 1 is the 16-bit two's-complement negation (assuming
     core_num__u16__wrapping_add wraps modulo 2^16, as its name says):
     0 for value == 0, otherwise 0x10000 - value, whose high byte is 0xFF.
     The shift and cast keep that high byte. */
  uint8_t result =
      (uint8_t)((uint32_t)core_num__u16__wrapping_add(~value0, 1U) >> 8U);
  /* Reduce 0x00 / 0xFF to 0 / 1. */
  return (uint32_t)result & 1U;
}
1521
/**
Return 1 if `value` is not zero and 0 otherwise.

Thin wrapper that forwards to libcrux_ml_kem_constant_time_ops_inz, kept as
its own non-inlined function.
*/
static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) {
  return libcrux_ml_kem_constant_time_ops_inz(value);
}
1526
/**
Return 1 if the bytes of `lhs` and `rhs` do not exactly
match and 0 otherwise.

The loop visits every byte of `lhs` and folds the differences together, so
there is no early exit at the first mismatch. Only the length of `lhs` is
consulted: nothing visible here checks that `rhs` is at least as long, so
callers are expected to pass equal-length slices (TODO confirm at the call
sites).
*/
static KRML_NOINLINE uint8_t libcrux_ml_kem_constant_time_ops_compare(
    Eurydice_slice lhs, Eurydice_slice rhs) {
  /* Accumulates the OR of all per-byte XORs; stays 0 only if all match. */
  uint8_t r = 0U;
  for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) {
    size_t i0 = i;
    uint8_t nr = (uint32_t)r |
                 ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^
                  (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *));
    r = nr;
  }
  /* Collapse "any bit set" to 0 / 1 without branching on r here. */
  return libcrux_ml_kem_constant_time_ops_is_non_zero(r);
}
1543
/**
Return 1 if the ciphertext bytes in `lhs` and `rhs` differ and 0 otherwise.

Thin wrapper that forwards to libcrux_ml_kem_constant_time_ops_compare; the
same caveat applies that only the length of `lhs` bounds the comparison.
*/
static KRML_NOINLINE uint8_t
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
    Eurydice_slice lhs, Eurydice_slice rhs) {
  return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs);
}
1549
/**
If `selector` is not zero, return the bytes in `rhs`; return the bytes in
`lhs` otherwise.

The choice is made with a byte mask rather than a branch: both inputs are
read and combined for every output byte, whatever `selector` is.
*/
static KRML_NOINLINE void libcrux_ml_kem_constant_time_ops_select_ct(
    Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
    uint8_t ret[32U]) {
  /* is_non_zero yields 0 or 1; subtracting 1 (assuming
     core_num__u8__wrapping_sub wraps modulo 2^8, as its name says) gives
     0xFF when selector == 0 and 0x00 otherwise. */
  uint8_t mask = core_num__u8__wrapping_sub(
      libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U);
  uint8_t out[32U] = {0U};
  /* NOTE(review): the loop bound is a constant defined outside this view,
     while `out` is a fixed 32 bytes; the constant must not exceed 32.
     Neither slice length is checked here. */
  for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE;
       i++) {
    size_t i0 = i;
    /* mask == 0xFF keeps the lhs byte, mask == 0x00 keeps the rhs byte. */
    uint8_t outi =
        ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) &
         (uint32_t)mask) |
        ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) &
         (uint32_t)~mask);
    out[i0] = outi;
  }
  memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
}
1572
/**
Write `rhs` to `ret` if `selector` is not zero, `lhs` otherwise.

Thin wrapper that forwards to libcrux_ml_kem_constant_time_ops_select_ct.
*/
static KRML_NOINLINE void
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
    Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
    uint8_t ret[32U]) {
  libcrux_ml_kem_constant_time_ops_select_ct(lhs, rhs, selector, ret);
}
1579
/**
Compare two ciphertexts and pick one of two 32-byte secrets accordingly.

`ret` receives `lhs_s` when `lhs_c` and `rhs_c` match and `rhs_s` when they
differ: the comparison returns 1 on mismatch, and a non-zero selector makes
the select helper return its `rhs` argument. Both steps go through the
branch-free helpers above, so which secret was chosen is not expressed as
control flow in this function.
*/
static KRML_NOINLINE void
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
    Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s,
    Eurydice_slice rhs_s, uint8_t ret[32U]) {
  /* 1 if the ciphertexts differ, 0 if they match. */
  uint8_t selector =
      libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
          lhs_c, rhs_c);
  /* Temporary holding the selected secret; it is not wiped before return. */
  uint8_t ret0[32U];
  libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
      lhs_s, rhs_s, selector, ret0);
  memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
1592
1593 #if defined(__cplusplus)
1594 }
1595 #endif
1596
1597 #define libcrux_ct_ops_H_DEFINED
1598 #endif /* libcrux_ct_ops_H */
1599
1600 /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_sha3_portable.h */
1601 /*
1602 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info@cryspen.com>
1603 *
1604 * SPDX-License-Identifier: MIT or Apache-2.0
1605 *
1606 * This code was generated with the following revisions:
1607 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
1608 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
1609 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
1610 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
1611 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
1612 */
1613
1614 #ifndef libcrux_sha3_portable_H
1615 #define libcrux_sha3_portable_H
1616
1617
1618 #if defined(__cplusplus)
1619 extern "C" {
1620 #endif
1621
1622
/**
 KeccakItem<1> for u64 (libcrux_sha3::traits): the all-zero lane value.
*/
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_zero_d2(void) {
  const uint64_t zero_lane = 0ULL;
  return zero_lane;
}
1629
/**
 XOR of five 64-bit lanes: a ^ b ^ c ^ d ^ e.
*/
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__veor5q_u64(
    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
  uint64_t acc = a;
  acc ^= b;
  acc ^= c;
  acc ^= d;
  acc ^= e;
  return acc;
}
1634
/**
 KeccakItem<1> for u64 (libcrux_sha3::traits): XOR of five lanes.

 Forwards to libcrux_sha3_simd_portable__veor5q_u64.
*/
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor5_d2(
    uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) {
  const uint64_t folded = libcrux_sha3_simd_portable__veor5q_u64(a, b, c, d, e);
  return folded;
}
1642
/**
 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with
 LEFT = 1, RIGHT = 63.

 Rotates `x` left by one bit through core_num__u64__rotate_left.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_76(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)1;
  return core_num__u64__rotate_left(x, left);
}
1653
/**
 Returns `a` XOR (`b` rotated left by one bit).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vrax1q_u64(uint64_t a, uint64_t b) {
  const uint64_t rotated = libcrux_sha3_simd_portable_rotate_left_76(b);
  return a ^ rotated;
}
1659
/**
 KeccakItem<1> for u64 (libcrux_sha3::traits): `a` XOR (`b` rotated left by
 one bit).

 Forwards to libcrux_sha3_simd_portable__vrax1q_u64.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left1_and_xor_d2(uint64_t a, uint64_t b) {
  const uint64_t mixed = libcrux_sha3_simd_portable__vrax1q_u64(a, b);
  return mixed;
}
1667
/**
 Returns `a` XOR (`b` AND NOT `c`).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) {
  const uint64_t b_without_c = b & ~c;
  return a ^ b_without_c;
}
1672
/**
 KeccakItem<1> for u64 (libcrux_sha3::traits): `a` XOR (`b` AND NOT `c`).

 Forwards to libcrux_sha3_simd_portable__vbcaxq_u64.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_and_not_xor_d2(uint64_t a, uint64_t b, uint64_t c) {
  const uint64_t mixed = libcrux_sha3_simd_portable__vbcaxq_u64(a, b, c);
  return mixed;
}
1680
/**
 Returns lane `a` XOR constant `c`.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__veorq_n_u64(uint64_t a, uint64_t c) {
  uint64_t lane = a;
  lane ^= c;
  return lane;
}
1685
/**
 KeccakItem<1> for u64 (libcrux_sha3::traits): lane `a` XOR constant `c`.

 Forwards to libcrux_sha3_simd_portable__veorq_n_u64.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_constant_d2(uint64_t a, uint64_t c) {
  const uint64_t mixed = libcrux_sha3_simd_portable__veorq_n_u64(a, c);
  return mixed;
}
1693
/**
 KeccakItem<1> for u64 (libcrux_sha3::traits): XOR of two lanes.
*/
static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_d2(uint64_t a,
                                                                  uint64_t b) {
  uint64_t lane = a;
  lane ^= b;
  return lane;
}
1701
/*
 The 24 64-bit Keccak round constants, one per round, in round order.
 Written in hexadecimal so the bit patterns can be checked against a
 reference table by eye; the values are the same as the decimal form.
*/
static const uint64_t
    libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[24U] = {
        0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808AULL,
        0x8000000080008000ULL, 0x000000000000808BULL, 0x0000000080000001ULL,
        0x8000000080008081ULL, 0x8000000000008009ULL, 0x000000000000008AULL,
        0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000AULL,
        0x000000008000808BULL, 0x800000000000008BULL, 0x8000000000008089ULL,
        0x8000000000008003ULL, 0x8000000000008002ULL, 0x8000000000000080ULL,
        0x000000000000800AULL, 0x800000008000000AULL, 0x8000000080008081ULL,
        0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL};
1728
/* Pair of size_t values (a two-element tuple in the extracted code). */
typedef struct size_t_x2_s {
  size_t fst;
  size_t snd;
} size_t_x2;
1733
/**
A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState
with types uint64_t
with const generics
- $1size_t

Keccak state held as 25 64-bit lanes in one flat array. The get_ij/set_ij
helpers in this file address lane (i, j) at index 5 * j + i.
*/
typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s {
  uint64_t st[25U];
} libcrux_sha3_generic_keccak_KeccakState_17;
1743
/**
 KeccakState<T, N>::new, monomorphised from
 libcrux_sha3.generic_keccak.new_80 for uint64_t with N = 1.

 Returns a state whose 25 lanes are all set to the zero lane value.
*/
static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_generic_keccak_new_80_04(void) {
  libcrux_sha3_generic_keccak_KeccakState_17 fresh;
  size_t lane = (size_t)0U;
  while (lane < (size_t)25U) {
    fresh.st[lane] = libcrux_sha3_simd_portable_zero_d2();
    lane++;
  }
  return fresh;
}
1764
/**
A monomorphic instance of libcrux_sha3.traits.get_ij
with types uint64_t
with const generics
- N= 1

Returns a pointer to element 5 * j + i of `arr`.
The index is not range-checked here: callers must keep 5 * j + i inside the
array they pass (25 lanes for KeccakState_17.st).
*/
static KRML_MUSTINLINE uint64_t *libcrux_sha3_traits_get_ij_04(uint64_t *arr,
                                                               size_t i,
                                                               size_t j) {
  const size_t flat = (size_t)5U * j + i;
  return arr + flat;
}
1776
/**
A monomorphic instance of libcrux_sha3.traits.set_ij
with types uint64_t
with const generics
- N= 1

Stores `value` into element 5 * j + i of `arr`.
The index is not range-checked here: callers must keep 5 * j + i inside the
array they pass (25 lanes for KeccakState_17.st), otherwise this is an
out-of-bounds write.
*/
static KRML_MUSTINLINE void libcrux_sha3_traits_set_ij_04(uint64_t *arr,
                                                          size_t i, size_t j,
                                                          uint64_t value) {
  const size_t flat = (size_t)5U * j + i;
  arr[flat] = value;
}
1788
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block
with const generics
- RATE= 72

Absorbs one 72-byte block: bytes [start, start + 72) of `blocks` are read as
nine 8-byte words (72 / 8), converted with core_num__u64__from_le_bytes, and
XORed into `state`. Word k is XORed into the lane addressed as
(i = k / 5, j = k % 5), i.e. state[5 * (k % 5) + k / 5].

This function does not itself compare start + 72 with the slice length.
NOTE(review): whether Eurydice_slice_subslice3 / unwrap_26_68 trap on a short
slice is not visible from here; callers should guarantee the length.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_f8(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  const size_t words = (size_t)72U / (size_t)8U;
  uint64_t state_flat[25U] = {0U};
  /* Pass 1: decode every word first; `state` is not touched in this pass. */
  for (size_t k = (size_t)0U; k < words; k++) {
    size_t offset = start + (size_t)8U * k;
    uint8_t word_bytes[8U];
    Result_15 dst;
    Eurydice_slice_to_array2(
        &dst,
        Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U,
                                 uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(dst, word_bytes);
    state_flat[k] = core_num__u64__from_le_bytes(word_bytes);
  }
  /* Pass 2: XOR the decoded words into the state lanes. */
  for (size_t k = (size_t)0U; k < words; k++) {
    size_t i_idx = k / (size_t)5U;
    size_t j_idx = k % (size_t)5U;
    uint64_t *lane = libcrux_sha3_traits_get_ij_04(state, i_idx, j_idx);
    libcrux_sha3_traits_set_ij_04(state, i_idx, j_idx,
                                  lane[0U] ^ state_flat[k]);
  }
}
1819
/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}

A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
with const generics
- RATE= 72

Absorb entry point for the single-lane state: forwards self->st, the first
(and, with N = 1, only) input slice and `start` to
libcrux_sha3_simd_portable_load_block_f8.
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_f8(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  uint64_t *lanes = self->st;
  libcrux_sha3_simd_portable_load_block_f8(lanes, input[0U], start);
}
1836
/**
This function found in impl {core::ops::index::Index<(usize, usize), T> for
libcrux_sha3::generic_keccak::KeccakState<T, N>[TraitClause@0, TraitClause@1]}

A monomorphic instance of libcrux_sha3.generic_keccak.index_c2
with types uint64_t
with const generics
- N= 1

Returns a pointer to the lane of `self` selected by `index`, with index.fst
used as i and index.snd as j (see libcrux_sha3_traits_get_ij_04). No range
check is applied to either component.
*/
static inline uint64_t *libcrux_sha3_generic_keccak_index_c2_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t_x2 index) {
  size_t i = index.fst;
  size_t j = index.snd;
  return libcrux_sha3_traits_get_ij_04(self->st, i, j);
}
1851
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}

A monomorphic instance of libcrux_sha3.generic_keccak.theta_80
with types uint64_t
with const generics
- N= 1

Computes the five values used by the theta step without modifying `self`.
For each j in 0..4, c[j] is libcrux_sha3_simd_portable_xor5_d2 applied to the
five lanes (fst = 0..4, snd = j). Then, for each k in 0..4,
ret[k] = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2(c[(k + 4) % 5],
c[(k + 1) % 5]). All loop bounds and indices are fixed constants, never
derived from lane data.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t ret[5U]) {
  uint64_t c[5U];
  /* c[] is filled completely before anything is written to ret[]. */
  for (size_t j = (size_t)0U; j < (size_t)5U; j++) {
    c[j] = libcrux_sha3_simd_portable_xor5_d2(
        libcrux_sha3_generic_keccak_index_c2_04(
            self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = j}))[0U],
        libcrux_sha3_generic_keccak_index_c2_04(
            self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = j}))[0U],
        libcrux_sha3_generic_keccak_index_c2_04(
            self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = j}))[0U],
        libcrux_sha3_generic_keccak_index_c2_04(
            self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = j}))[0U],
        libcrux_sha3_generic_keccak_index_c2_04(
            self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = j}))[0U]);
  }
  for (size_t k = (size_t)0U; k < (size_t)5U; k++) {
    ret[k] = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2(
        c[(k + (size_t)4U) % (size_t)5U], c[(k + (size_t)1U) % (size_t)5U]);
  }
}
1965
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}

A monomorphic instance of libcrux_sha3.generic_keccak.set_80
with types uint64_t
with const generics
- N= 1

Writes `v` into lane (i, j) of `self` through libcrux_sha3_traits_set_ij_04.
Neither index is range-checked on this path.
*/
static inline void libcrux_sha3_generic_keccak_set_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i, size_t j,
    uint64_t v) {
  uint64_t *lanes = self->st;
  libcrux_sha3_traits_set_ij_04(lanes, i, j, v);
}
1981
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 36
- RIGHT= 28

Rotates lane `x` left by 36 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_02(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)36;
  return core_num__u64__rotate_left(x, left);
}
1992
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 36
- RIGHT= 28

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_02 (left by 36 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_02(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_02(mixed);
}
2003
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 36
- RIGHT= 28

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_02.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_02(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_02(a, b);
  return rotated;
}
2017
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 3
- RIGHT= 61

Rotates lane `x` left by 3 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_ac(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)3;
  return core_num__u64__rotate_left(x, left);
}
2028
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 3
- RIGHT= 61

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_ac (left by 3 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_ac(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_ac(mixed);
}
2039
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 3
- RIGHT= 61

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_ac.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_ac(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_ac(a, b);
  return rotated;
}
2053
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 41
- RIGHT= 23

Rotates lane `x` left by 41 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_020(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)41;
  return core_num__u64__rotate_left(x, left);
}
2064
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 41
- RIGHT= 23

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_020 (left by 41 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_020(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_020(mixed);
}
2075
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 41
- RIGHT= 23

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_020.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_020(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_020(a, b);
  return rotated;
}
2089
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 18
- RIGHT= 46

Rotates lane `x` left by 18 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_a9(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)18;
  return core_num__u64__rotate_left(x, left);
}
2100
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 18
- RIGHT= 46

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_a9 (left by 18 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_a9(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_a9(mixed);
}
2111
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 18
- RIGHT= 46

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_a9.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_a9(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_a9(a, b);
  return rotated;
}
2125
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 1
- RIGHT= 63

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_76, which is defined earlier in this
file (the generics above give LEFT = 1).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_76(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_76(mixed);
}
2136
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 1
- RIGHT= 63

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_76.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_76(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_76(a, b);
  return rotated;
}
2150
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 44
- RIGHT= 20

Rotates lane `x` left by 44 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_58(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)44;
  return core_num__u64__rotate_left(x, left);
}
2161
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 44
- RIGHT= 20

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_58 (left by 44 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_58(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_58(mixed);
}
2172
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 44
- RIGHT= 20

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_58.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_58(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_58(a, b);
  return rotated;
}
2186
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 10
- RIGHT= 54

Rotates lane `x` left by 10 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_e0(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)10;
  return core_num__u64__rotate_left(x, left);
}
2197
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 10
- RIGHT= 54

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_e0 (left by 10 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_e0(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_e0(mixed);
}
2208
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 10
- RIGHT= 54

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_e0.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_e0(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_e0(a, b);
  return rotated;
}
2222
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 45
- RIGHT= 19

Rotates lane `x` left by 45 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_63(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)45;
  return core_num__u64__rotate_left(x, left);
}
2233
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 45
- RIGHT= 19

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_63 (left by 45 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_63(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_63(mixed);
}
2244
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 45
- RIGHT= 19

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_63.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_63(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_63(a, b);
  return rotated;
}
2258
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 2
- RIGHT= 62

Rotates lane `x` left by 2 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_6a(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)2;
  return core_num__u64__rotate_left(x, left);
}
2269
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 2
- RIGHT= 62

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_6a (left by 2 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_6a(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_6a(mixed);
}
2280
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 2
- RIGHT= 62

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_6a.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_6a(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_6a(a, b);
  return rotated;
}
2294
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 62
- RIGHT= 2

Rotates lane `x` left by 62 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_ab(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)62;
  return core_num__u64__rotate_left(x, left);
}
2305
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 62
- RIGHT= 2

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_ab (left by 62 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_ab(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_ab(mixed);
}
2316
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 62
- RIGHT= 2

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_ab.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_ab(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_ab(a, b);
  return rotated;
}
2330
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 6
- RIGHT= 58

Rotates lane `x` left by 6 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_5b(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)6;
  return core_num__u64__rotate_left(x, left);
}
2341
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 6
- RIGHT= 58

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_5b (left by 6 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_5b(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_5b(mixed);
}
2352
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 6
- RIGHT= 58

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_5b.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_5b(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_5b(a, b);
  return rotated;
}
2366
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 43
- RIGHT= 21

Rotates lane `x` left by 43 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_6f(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)43;
  return core_num__u64__rotate_left(x, left);
}
2377
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 43
- RIGHT= 21

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_6f (left by 43 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_6f(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_6f(mixed);
}
2388
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 43
- RIGHT= 21

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_6f.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_6f(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_6f(a, b);
  return rotated;
}
2402
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 15
- RIGHT= 49

Rotates lane `x` left by 15 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_62(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)15;
  return core_num__u64__rotate_left(x, left);
}
2413
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 15
- RIGHT= 49

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_62 (left by 15 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_62(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_62(mixed);
}
2424
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 15
- RIGHT= 49

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_62.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_62(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_62(a, b);
  return rotated;
}
2438
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 61
- RIGHT= 3

Rotates lane `x` left by 61 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_23(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)61;
  return core_num__u64__rotate_left(x, left);
}
2449
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 61
- RIGHT= 3

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_23 (left by 61 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_23(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_23(mixed);
}
2460
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 61
- RIGHT= 3

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_23.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_23(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_23(a, b);
  return rotated;
}
2474
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 28
- RIGHT= 36

Rotates lane `x` left by 28 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_37(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)28;
  return core_num__u64__rotate_left(x, left);
}
2485
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 28
- RIGHT= 36

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_37 (left by 28 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_37(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_37(mixed);
}
2496
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 28
- RIGHT= 36

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_37.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_37(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_37(a, b);
  return rotated;
}
2510
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 55
- RIGHT= 9

Rotates lane `x` left by 55 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_bb(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)55;
  return core_num__u64__rotate_left(x, left);
}
2521
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 55
- RIGHT= 9

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_bb (left by 55 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_bb(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_bb(mixed);
}
2532
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 55
- RIGHT= 9

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_bb.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_bb(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_bb(a, b);
  return rotated;
}
2546
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 25
- RIGHT= 39

Rotates lane `x` left by 25 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_b9(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)25;
  return core_num__u64__rotate_left(x, left);
}
2557
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 25
- RIGHT= 39

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_b9 (left by 25 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_b9(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_b9(mixed);
}
2568
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 25
- RIGHT= 39

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_b9.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_b9(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_b9(a, b);
  return rotated;
}
2582
/**
A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
with const generics
- LEFT= 21
- RIGHT= 43

Rotates lane `x` left by 21 bits. The count is a literal fixed at extraction
time, never derived from lane data; RIGHT (= 64 - LEFT) is not used by the C
body.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_54(uint64_t x) {
  const uint32_t left = (uint32_t)(int32_t)21;
  return core_num__u64__rotate_left(x, left);
}
2593
/**
A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
with const generics
- LEFT= 21
- RIGHT= 43

XORs lanes `a` and `b`, then rotates the result with
libcrux_sha3_simd_portable_rotate_left_54 (left by 21 bits).
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_54(uint64_t a, uint64_t b) {
  uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_54(mixed);
}
2604
/**
This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}

A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
with const generics
- LEFT= 21
- RIGHT= 43

KeccakItem entry point for XOR-then-rotate; forwards both lanes unchanged to
libcrux_sha3_simd_portable__vxarq_u64_54.
*/
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_54(uint64_t a, uint64_t b) {
  uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_54(a, b);
  return rotated;
}
2618
2619 /**
2620 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
2621 with const generics
2622 - LEFT= 56
2623 - RIGHT= 8
2624 */
/* Rotate x left by the fixed amount 56 (RIGHT = 8 is the complement). */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_4c(uint64_t x)
{
  const uint32_t left = (uint32_t)(int32_t)56;
  return core_num__u64__rotate_left(x, left);
}
2629
2630 /**
2631 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
2632 with const generics
2633 - LEFT= 56
2634 - RIGHT= 8
2635 */
/* XOR a with b, then rotate the result left by 56 via rotate_left_4c. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_4c(uint64_t a, uint64_t b)
{
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_4c(mixed);
}
2640
2641 /**
2642 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}
2643 */
2644 /**
2645 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
2646 with const generics
2647 - LEFT= 56
2648 - RIGHT= 8
2649 */
/* KeccakItem wrapper for the LEFT = 56 instance: forwards to
 * _vxarq_u64_4c without touching the operands. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_4c(uint64_t a, uint64_t b)
{
  const uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_4c(a, b);
  return rotated;
}
2654
2655 /**
2656 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
2657 with const generics
2658 - LEFT= 27
2659 - RIGHT= 37
2660 */
/* Rotate x left by the fixed amount 27 (RIGHT = 37 is the complement). */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_ce(uint64_t x)
{
  const uint32_t left = (uint32_t)(int32_t)27;
  return core_num__u64__rotate_left(x, left);
}
2665
2666 /**
2667 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
2668 with const generics
2669 - LEFT= 27
2670 - RIGHT= 37
2671 */
/* XOR a with b, then rotate the result left by 27 via rotate_left_ce. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_ce(uint64_t a, uint64_t b)
{
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_ce(mixed);
}
2676
2677 /**
2678 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}
2679 */
2680 /**
2681 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
2682 with const generics
2683 - LEFT= 27
2684 - RIGHT= 37
2685 */
/* KeccakItem wrapper for the LEFT = 27 instance: forwards to
 * _vxarq_u64_ce without touching the operands. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_ce(uint64_t a, uint64_t b)
{
  const uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_ce(a, b);
  return rotated;
}
2690
2691 /**
2692 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
2693 with const generics
2694 - LEFT= 20
2695 - RIGHT= 44
2696 */
/* Rotate x left by the fixed amount 20 (RIGHT = 44 is the complement). */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_77(uint64_t x)
{
  const uint32_t left = (uint32_t)(int32_t)20;
  return core_num__u64__rotate_left(x, left);
}
2701
2702 /**
2703 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
2704 with const generics
2705 - LEFT= 20
2706 - RIGHT= 44
2707 */
/* XOR a with b, then rotate the result left by 20 via rotate_left_77. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_77(uint64_t a, uint64_t b)
{
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_77(mixed);
}
2712
2713 /**
2714 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}
2715 */
2716 /**
2717 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
2718 with const generics
2719 - LEFT= 20
2720 - RIGHT= 44
2721 */
/* KeccakItem wrapper for the LEFT = 20 instance: forwards to
 * _vxarq_u64_77 without touching the operands. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_77(uint64_t a, uint64_t b)
{
  const uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_77(a, b);
  return rotated;
}
2726
2727 /**
2728 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
2729 with const generics
2730 - LEFT= 39
2731 - RIGHT= 25
2732 */
/* Rotate x left by the fixed amount 39 (RIGHT = 25 is the complement).
 * Note the "_25" suffix is an instance tag, not the rotation amount. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_25(uint64_t x)
{
  const uint32_t left = (uint32_t)(int32_t)39;
  return core_num__u64__rotate_left(x, left);
}
2737
2738 /**
2739 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
2740 with const generics
2741 - LEFT= 39
2742 - RIGHT= 25
2743 */
/* XOR a with b, then rotate the result left by 39 via rotate_left_25. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_25(uint64_t a, uint64_t b)
{
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_25(mixed);
}
2748
2749 /**
2750 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}
2751 */
2752 /**
2753 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
2754 with const generics
2755 - LEFT= 39
2756 - RIGHT= 25
2757 */
/* KeccakItem wrapper for the LEFT = 39 instance: forwards to
 * _vxarq_u64_25 without touching the operands. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_25(uint64_t a, uint64_t b)
{
  const uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_25(a, b);
  return rotated;
}
2762
2763 /**
2764 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
2765 with const generics
2766 - LEFT= 8
2767 - RIGHT= 56
2768 */
/* Rotate x left by the fixed amount 8 (RIGHT = 56 is the complement). */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_af(uint64_t x)
{
  const uint32_t left = (uint32_t)(int32_t)8;
  return core_num__u64__rotate_left(x, left);
}
2773
2774 /**
2775 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
2776 with const generics
2777 - LEFT= 8
2778 - RIGHT= 56
2779 */
/* XOR a with b, then rotate the result left by 8 via rotate_left_af. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_af(uint64_t a, uint64_t b)
{
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_af(mixed);
}
2784
2785 /**
2786 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}
2787 */
2788 /**
2789 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
2790 with const generics
2791 - LEFT= 8
2792 - RIGHT= 56
2793 */
/* KeccakItem wrapper for the LEFT = 8 instance: forwards to
 * _vxarq_u64_af without touching the operands. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_af(uint64_t a, uint64_t b)
{
  const uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_af(a, b);
  return rotated;
}
2798
2799 /**
2800 A monomorphic instance of libcrux_sha3.simd.portable.rotate_left
2801 with const generics
2802 - LEFT= 14
2803 - RIGHT= 50
2804 */
/* Rotate x left by the fixed amount 14 (RIGHT = 50 is the complement). */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_rotate_left_fd(uint64_t x)
{
  const uint32_t left = (uint32_t)(int32_t)14;
  return core_num__u64__rotate_left(x, left);
}
2809
2810 /**
2811 A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64
2812 with const generics
2813 - LEFT= 14
2814 - RIGHT= 50
2815 */
/* XOR a with b, then rotate the result left by 14 via rotate_left_fd. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable__vxarq_u64_fd(uint64_t a, uint64_t b)
{
  const uint64_t mixed = a ^ b;
  return libcrux_sha3_simd_portable_rotate_left_fd(mixed);
}
2820
2821 /**
2822 This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64}
2823 */
2824 /**
2825 A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2
2826 with const generics
2827 - LEFT= 14
2828 - RIGHT= 50
2829 */
/* KeccakItem wrapper for the LEFT = 14 instance: forwards to
 * _vxarq_u64_fd without touching the operands. */
static KRML_MUSTINLINE uint64_t
libcrux_sha3_simd_portable_xor_and_rotate_d2_fd(uint64_t a, uint64_t b)
{
  const uint64_t rotated = libcrux_sha3_simd_portable__vxarq_u64_fd(a, b);
  return rotated;
}
2834
2835 /**
2836 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
2837 N>[TraitClause@0, TraitClause@1]}
2838 */
2839 /**
2840 A monomorphic instance of libcrux_sha3.generic_keccak.rho_80
2841 with types uint64_t
2842 with const generics
2843 - N= 1
2844 */
/*
 * rho step, with the XOR of the per-column value t[] folded in.
 *
 * Every lane (i, j) of the 5x5 state is read through index_c2_04, combined
 * with t[j] and written back to the same position through set_80_04. Lane
 * (0, 0) is only XORed (xor_d2); each of the other 24 lanes goes through its
 * own xor_and_rotate_d2_* instance, whose rotation amount is fixed at compile
 * time (see the LEFT/RIGHT values in each instance's header comment).
 *
 * self: state updated in place.
 * t:    five 64-bit values, indexed by the second lane coordinate; in
 *       keccakf1600_80_04 this array is filled by theta_80_04 right before
 *       the call. It is only read here.
 *
 * All lane coordinates and rotation amounts are literals, so nothing in this
 * function branches or indexes on state contents. The uu____N locals are
 * plain aliases of self produced by the code generator.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_rho_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t t[5U]) {
  /* Lanes (0..4, 0), all combined with t[0]; (0, 0) is XOR only. */
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_d2(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                              .snd = (size_t)0U}))[0U],
          t[0U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____0, (size_t)1U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_02(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                              .snd = (size_t)0U}))[0U],
          t[0U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____1 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____1, (size_t)2U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_ac(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                              .snd = (size_t)0U}))[0U],
          t[0U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____2, (size_t)3U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_020(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                              .snd = (size_t)0U}))[0U],
          t[0U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____3 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____3, (size_t)4U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_a9(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                              .snd = (size_t)0U}))[0U],
          t[0U]));
  /* Lanes (0..4, 1), all combined with t[1]. */
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____4 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____4, (size_t)0U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_76(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                              .snd = (size_t)1U}))[0U],
          t[1U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____5 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____5, (size_t)1U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_58(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                              .snd = (size_t)1U}))[0U],
          t[1U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____6 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____6, (size_t)2U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_e0(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                              .snd = (size_t)1U}))[0U],
          t[1U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____7 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____7, (size_t)3U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_63(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                              .snd = (size_t)1U}))[0U],
          t[1U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____8 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____8, (size_t)4U, (size_t)1U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_6a(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                              .snd = (size_t)1U}))[0U],
          t[1U]));
  /* Lanes (0..4, 2), all combined with t[2]. */
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____9 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____9, (size_t)0U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_ab(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                              .snd = (size_t)2U}))[0U],
          t[2U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____10 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____10, (size_t)1U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_5b(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                              .snd = (size_t)2U}))[0U],
          t[2U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____11 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____11, (size_t)2U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_6f(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                              .snd = (size_t)2U}))[0U],
          t[2U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____12 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____12, (size_t)3U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_62(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                              .snd = (size_t)2U}))[0U],
          t[2U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____13 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____13, (size_t)4U, (size_t)2U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_23(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                              .snd = (size_t)2U}))[0U],
          t[2U]));
  /* Lanes (0..4, 3), all combined with t[3]; the _b9, _54 and _4c instances
   * rotate by 25, 21 and 56 respectively. */
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____14 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____14, (size_t)0U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_37(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                              .snd = (size_t)3U}))[0U],
          t[3U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____15 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____15, (size_t)1U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_bb(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                              .snd = (size_t)3U}))[0U],
          t[3U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____16 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____16, (size_t)2U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_b9(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                              .snd = (size_t)3U}))[0U],
          t[3U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____17 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____17, (size_t)3U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_54(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                              .snd = (size_t)3U}))[0U],
          t[3U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____18 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____18, (size_t)4U, (size_t)3U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_4c(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                              .snd = (size_t)3U}))[0U],
          t[3U]));
  /* Lanes (0..4, 4), all combined with t[4]; the _ce, _77, _25, _af and _fd
   * instances rotate by 27, 20, 39, 8 and 14 respectively. */
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____19 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____19, (size_t)0U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_ce(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                              .snd = (size_t)4U}))[0U],
          t[4U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____20 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____20, (size_t)1U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_77(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                              .snd = (size_t)4U}))[0U],
          t[4U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____21 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____21, (size_t)2U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_25(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                              .snd = (size_t)4U}))[0U],
          t[4U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____22 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____22, (size_t)3U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_af(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                              .snd = (size_t)4U}))[0U],
          t[4U]));
  libcrux_sha3_generic_keccak_KeccakState_17 *uu____23 = self;
  libcrux_sha3_generic_keccak_set_80_04(
      uu____23, (size_t)4U, (size_t)4U,
      libcrux_sha3_simd_portable_xor_and_rotate_d2_fd(
          libcrux_sha3_generic_keccak_index_c2_04(
              self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                              .snd = (size_t)4U}))[0U],
          t[4U]));
}
3047
3048 /**
3049 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3050 N>[TraitClause@0, TraitClause@1]}
3051 */
3052 /**
3053 A monomorphic instance of libcrux_sha3.generic_keccak.pi_80
3054 with types uint64_t
3055 with const generics
3056 - N= 1
3057 */
/*
 * pi step: permutes the lanes of the 5x5 state in place.
 *
 * The state is first copied to `old`, then every lane except (0, 0) is
 * overwritten from that copy, so no write can disturb a later read. The 24
 * assignments below all follow one rule:
 *
 *     self(i, j) = old(j, (3 * i + j) % 5)
 *
 * Lane (0, 0) maps to itself under that rule and is left untouched.
 *
 * All coordinates are literals; the function has no data-dependent branch or
 * index.
 *
 * NOTE(review): `old` is a full copy of the Keccak state on the stack and is
 * not cleared before return. If the state is derived from secret input, the
 * copy outlives this call until the stack slot is reused -- confirm whether
 * the caller's threat model requires wiping.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
  /* Snapshot taken before any lane is overwritten. */
  libcrux_sha3_generic_keccak_KeccakState_17 old = self[0U];
  /* Destination lanes (1..4, 0), sourced from old(0, *). */
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)0U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                          .snd = (size_t)3U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)0U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                          .snd = (size_t)1U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)0U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                          .snd = (size_t)4U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)0U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U,
                                          .snd = (size_t)2U}))[0U]);
  /* Destination lanes (0..4, 1), sourced from old(1, *). */
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)1U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                          .snd = (size_t)1U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)1U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                          .snd = (size_t)4U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)1U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                          .snd = (size_t)2U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)1U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                          .snd = (size_t)0U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)1U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U,
                                          .snd = (size_t)3U}))[0U]);
  /* Destination lanes (0..4, 2), sourced from old(2, *). */
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)2U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                          .snd = (size_t)2U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)2U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                          .snd = (size_t)0U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)2U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                          .snd = (size_t)3U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)2U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                          .snd = (size_t)1U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)2U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U,
                                          .snd = (size_t)4U}))[0U]);
  /* Destination lanes (0..4, 3), sourced from old(3, *). */
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)3U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                          .snd = (size_t)3U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)3U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                          .snd = (size_t)1U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)3U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                          .snd = (size_t)4U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)3U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                          .snd = (size_t)2U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)3U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U,
                                          .snd = (size_t)0U}))[0U]);
  /* Destination lanes (0..4, 4), sourced from old(4, *). */
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)4U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                          .snd = (size_t)4U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)1U, (size_t)4U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                          .snd = (size_t)2U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)2U, (size_t)4U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                          .snd = (size_t)0U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)3U, (size_t)4U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                          .snd = (size_t)3U}))[0U]);
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)4U, (size_t)4U,
      libcrux_sha3_generic_keccak_index_c2_04(
          &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U,
                                          .snd = (size_t)1U}))[0U]);
}
3182
3183 /**
3184 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3185 N>[TraitClause@0, TraitClause@1]}
3186 */
3187 /**
3188 A monomorphic instance of libcrux_sha3.generic_keccak.chi_80
3189 with types uint64_t
3190 with const generics
3191 - N= 1
3192 */
/*
 * chi step: rewrites every lane (row, col) from itself and its two
 * neighbours in the same row, (col + 1) % 5 and (col + 2) % 5, combined by
 * and_not_xor_d2. The neighbours are read from a snapshot taken on entry so
 * that lanes already rewritten in this pass are never used as inputs.
 *
 * The loop bounds are fixed (5 x 5) and the indices depend only on the loop
 * counters, not on state contents.
 *
 * NOTE(review): the snapshot is a full state copy on the stack and is not
 * cleared before return -- relevant if the state holds secret-derived data.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
  libcrux_sha3_generic_keccak_KeccakState_17 before = *self;
  for (size_t row = (size_t)0U; row < (size_t)5U; row++) {
    for (size_t col = (size_t)0U; col < (size_t)5U; col++) {
      const size_t plus1 = (col + (size_t)1U) % (size_t)5U;
      const size_t plus2 = (col + (size_t)2U) % (size_t)5U;
      /* The current lane comes from the live state; it has not been
       * rewritten yet because each lane is visited exactly once. */
      const uint64_t current = libcrux_sha3_generic_keccak_index_c2_04(
          self, (KRML_CLITERAL(size_t_x2){.fst = row, .snd = col}))[0U];
      const uint64_t two_ahead = libcrux_sha3_generic_keccak_index_c2_04(
          &before, (KRML_CLITERAL(size_t_x2){.fst = row, .snd = plus2}))[0U];
      const uint64_t one_ahead = libcrux_sha3_generic_keccak_index_c2_04(
          &before, (KRML_CLITERAL(size_t_x2){.fst = row, .snd = plus1}))[0U];
      libcrux_sha3_generic_keccak_set_80_04(
          self, row, col,
          libcrux_sha3_simd_portable_and_not_xor_d2(current, two_ahead,
                                                    one_ahead));
    }
  }
}
3216
3217 /**
3218 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3219 N>[TraitClause@0, TraitClause@1]}
3220 */
3221 /**
3222 A monomorphic instance of libcrux_sha3.generic_keccak.iota_80
3223 with types uint64_t
3224 with const generics
3225 - N= 1
3226 */
/*
 * iota step: combines lane (0, 0) with the round constant for round i via
 * xor_constant_d2 and stores the result back into lane (0, 0).
 *
 * i is used directly as an index into ROUNDCONSTANTS with no range check in
 * this function; keccakf1600_80_04 only passes 0..23. Any other caller must
 * keep i within the table (presumably 24 entries -- confirm at its
 * definition).
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i) {
  const uint64_t lane00 = libcrux_sha3_generic_keccak_index_c2_04(
      self,
      (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}))[0U];
  const uint64_t round_constant =
      libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[i];
  libcrux_sha3_generic_keccak_set_80_04(
      self, (size_t)0U, (size_t)0U,
      libcrux_sha3_simd_portable_xor_constant_d2(lane00, round_constant));
}
3237
3238 /**
3239 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3240 N>[TraitClause@0, TraitClause@1]}
3241 */
3242 /**
3243 A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600_80
3244 with types uint64_t
3245 with const generics
3246 - N= 1
3247 */
/*
 * Keccak-f[1600] permutation: 24 rounds of theta, rho, pi, chi, iota applied
 * to the state in place.
 *
 * The round count is the fixed literal 24, so the running time does not
 * depend on the state contents at this level.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_80_04(
    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
  size_t round = (size_t)0U;
  while (round < (size_t)24U) {
    /* theta_80_04 receives t uninitialised and is expected to fill it. */
    uint64_t t[5U];
    libcrux_sha3_generic_keccak_theta_80_04(self, t);
    /* rho gets its own copy of t, mirroring the by-value argument of the
     * code this file was generated from. */
    uint64_t t_by_value[5U];
    memcpy(t_by_value, t, sizeof t);
    libcrux_sha3_generic_keccak_rho_80_04(self, t_by_value);
    libcrux_sha3_generic_keccak_pi_80_04(self);
    libcrux_sha3_generic_keccak_chi_80_04(self);
    libcrux_sha3_generic_keccak_iota_80_04(self, round);
    round++;
  }
}
3263
3264 /**
3265 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3266 N>[TraitClause@0, TraitClause@1]}
3267 */
3268 /**
3269 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
3270 with types uint64_t
3271 with const generics
3272 - N= 1
3273 - RATE= 72
3274 */
/*
 * Absorb one full RATE = 72 byte block: load_block_a1_f8 mixes the block
 * found at offset `start` of blocks[0] into the state, then the state is
 * permuted with Keccak-f[1600].
 *
 * No length check happens here; the caller must guarantee that a whole block
 * is available at `start` (keccak1_96 only passes multiples of 72 below
 * data_len / 72 * 72).
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c6(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start)
{
  libcrux_sha3_simd_portable_load_block_a1_f8(self, blocks, start);

  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
3281
3282 /**
3283 A monomorphic instance of libcrux_sha3.simd.portable.load_last
3284 with const generics
3285 - RATE= 72
3286 - DELIMITER= 6
3287 */
/*
 * Build the final, padded 72-byte block and load it into the state.
 *
 * The trailing `len` input bytes starting at `start` are copied into a
 * zeroed 72-byte buffer, the delimiter byte 6 is written right after them,
 * and bit 0x80 is OR-ed into the last byte (index 71). When len == 71 both
 * land in the same byte.
 *
 * Precondition: len < 72. The delimiter store `padded[len]` and the copy are
 * not range-checked in this C code, so a larger len would write past the
 * buffer. keccak1_96 passes data_len % 72, which satisfies this.
 *
 * NOTE(review): the buffer holds a copy of the last input bytes and is not
 * cleared before return -- relevant if the hashed data is secret.
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_96(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t padded[72U] = {0U};
  Eurydice_slice tail =
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(padded, (size_t)0U, len, uint8_t *), tail,
      uint8_t);
  /* Domain-separation / first padding byte. */
  padded[len] = 6U;
  /* Final padding bit in the last byte of the rate. */
  const size_t last_index = (size_t)72U - (size_t)1U;
  padded[last_index] = (uint32_t)padded[last_index] | 128U;
  libcrux_sha3_simd_portable_load_block_f8(
      state, Eurydice_array_to_slice((size_t)72U, padded, uint8_t),
      (size_t)0U);
}
3300
3301 /**
3302 This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
3303 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3304 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3305 u64}]}
3306 */
3307 /**
3308 A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
3309 with const generics
3310 - RATE= 72
3311 - DELIMITER= 6
3312 */
/*
 * Absorb-trait adapter for the single-lane (N = 1) state: unwraps the state
 * array and the one input slice and forwards to load_last_96.
 *
 * `len` is passed through unchecked; load_last_96 requires len < 72.
 */
static inline void libcrux_sha3_simd_portable_load_last_a1_96(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len)
{
  Eurydice_slice only_input = *input;
  libcrux_sha3_simd_portable_load_last_96(self->st, only_input, start, len);
}
3318
3319 /**
3320 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3321 N>[TraitClause@0, TraitClause@1]}
3322 */
3323 /**
3324 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
3325 with types uint64_t
3326 with const generics
3327 - N= 1
3328 - RATE= 72
3329 - DELIM= 6
3330 */
/*
 * Absorb the last, partial block: pads and loads the `len` bytes at offset
 * `start` of last[0] (delimiter 6, rate 72), then permutes the state.
 *
 * `len` is forwarded unchecked and must be below the rate of 72 bytes; see
 * load_last_96 for the buffer this bounds.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len)
{
  libcrux_sha3_simd_portable_load_last_a1_96(self, last, start, len);

  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
3337
3338 /**
3339 A monomorphic instance of libcrux_sha3.simd.portable.store_block
3340 with const generics
3341 - RATE= 72
3342 */
/*
 * Serialise `len` bytes of the state into out[start .. start + len).
 *
 * Lanes are emitted in order k = 0, 1, ... (lane k is fetched as
 * get_ij_04(s, k / 5, k % 5)), each as 8 little-endian bytes. If len is not
 * a multiple of 8, the leading `len % 8` bytes of the next lane are written
 * as the tail.
 *
 * Neither the output range nor the lane index is checked here: the caller
 * must ensure start + len fits in `out`, and len should not exceed the rate
 * (72 for this instance) -- keccak1_96 respects both.
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_f8(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  const size_t full_lanes = len / (size_t)8U;
  for (size_t lane = (size_t)0U; lane < full_lanes; lane++) {
    const size_t from = start + (size_t)8U * lane;
    Eurydice_slice dst =
        Eurydice_slice_subslice3(out, from, from + (size_t)8U, uint8_t *);
    uint8_t le_bytes[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, lane / (size_t)5U,
                                      lane % (size_t)5U)[0U],
        le_bytes);
    Eurydice_slice_copy(
        dst, Eurydice_array_to_slice((size_t)8U, le_bytes, uint8_t), uint8_t);
  }

  const size_t tail_len = len % (size_t)8U;
  if (tail_len == (size_t)0U) {
    return;
  }
  /* Partial lane: only its first tail_len little-endian bytes are emitted. */
  Eurydice_slice tail_dst = Eurydice_slice_subslice3(
      out, start + len - tail_len, start + len, uint8_t *);
  uint8_t le_bytes[8U];
  core_num__u64__to_le_bytes(
      libcrux_sha3_traits_get_ij_04(s, full_lanes / (size_t)5U,
                                    full_lanes % (size_t)5U)[0U],
      le_bytes);
  Eurydice_slice_copy(
      tail_dst,
      Eurydice_array_to_subslice3(le_bytes, (size_t)0U, tail_len, uint8_t *),
      uint8_t);
}
3373
3374 /**
3375 This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
3376 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3377 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3378 u64}]}
3379 */
3380 /**
3381 A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
3382 with const generics
3383 - RATE= 72
3384 */
/*
 * Squeeze1-trait adapter: unwraps the state array and forwards to
 * store_block_f8, which writes `len` bytes at out[start ..].
 *
 * start and len are passed through unchecked.
 */
static inline void libcrux_sha3_simd_portable_squeeze_13_f8(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len)
{
  uint64_t *lanes = self->st;
  libcrux_sha3_simd_portable_store_block_f8(lanes, out, start, len);
}
3390
3391 /**
3392 A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
3393 with const generics
3394 - RATE= 72
3395 - DELIM= 6
3396 */
/*
 * One-shot sponge with rate 72 and delimiter 6: absorbs all of `data`, then
 * fills the whole of `out`.
 *
 * Absorb: every complete 72-byte block is absorbed in order, then the
 * remaining data_len % 72 bytes (possibly zero) go through absorb_final,
 * which pads them. Squeeze: the output length is taken from the `out` slice
 * itself; 72 bytes are emitted per permutation, with a shorter final chunk
 * when the length is not a multiple of 72.
 *
 * The only branches and loop bounds depend on the input and output lengths,
 * not on the bytes being hashed.
 *
 * NOTE(review): the sponge state is a stack local and is not cleared before
 * return. When the input is secret (key material, seeds), the final state
 * stays on the stack until overwritten -- confirm whether callers need it
 * wiped.
 */
static inline void libcrux_sha3_generic_keccak_portable_keccak1_96(
    Eurydice_slice data, Eurydice_slice out) {
  libcrux_sha3_generic_keccak_KeccakState_17 sponge =
      libcrux_sha3_generic_keccak_new_80_04();

  /* ---- absorb ---- */
  const size_t in_len = Eurydice_slice_len(data, uint8_t);
  const size_t full_in_blocks = in_len / (size_t)72U;
  for (size_t blk = (size_t)0U; blk < full_in_blocks; blk++) {
    Eurydice_slice chunk[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c6(&sponge, chunk,
                                                   blk * (size_t)72U);
  }
  const size_t tail_len = in_len % (size_t)72U;
  Eurydice_slice tail[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e(&sponge, tail,
                                                 in_len - tail_len, tail_len);

  /* ---- squeeze ---- */
  const size_t out_len = Eurydice_slice_len(out, uint8_t);
  const size_t full_out_blocks = out_len / (size_t)72U;
  if (full_out_blocks == (size_t)0U) {
    /* Short output: a single partial squeeze, no further permutation. */
    libcrux_sha3_simd_portable_squeeze_13_f8(&sponge, out, (size_t)0U,
                                             out_len);
    return;
  }

  libcrux_sha3_simd_portable_squeeze_13_f8(&sponge, out, (size_t)0U,
                                           (size_t)72U);
  for (size_t blk = (size_t)1U; blk < full_out_blocks; blk++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&sponge);
    libcrux_sha3_simd_portable_squeeze_13_f8(&sponge, out, blk * (size_t)72U,
                                             (size_t)72U);
  }

  const size_t emitted = out_len - out_len % (size_t)72U;
  if (emitted < out_len) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&sponge);
    libcrux_sha3_simd_portable_squeeze_13_f8(&sponge, out, emitted,
                                             out_len - emitted);
  }
}
3429
3430 /**
3431 A portable SHA3 512 implementation.
3432 */
/*
 * SHA3-512 front end: runs the RATE = 72 / delimiter 6 sponge.
 *
 * Argument order is (digest, data) here and (data, out) in keccak1_96.
 * The number of bytes written is the length of the digest slice; this
 * wrapper does not check that it is 64 bytes, so the caller must pass a
 * slice of exactly that size.
 */
static KRML_MUSTINLINE void
libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data)
{
  libcrux_sha3_generic_keccak_portable_keccak1_96(data, digest);
}
3437
3438 /**
3439 A monomorphic instance of libcrux_sha3.simd.portable.load_block
3440 with const generics
3441 - RATE= 136
3442 */
/*
 * XOR one 136-byte block into the Keccak state.
 *
 * state:  lane array, indexed through the get_ij/set_ij helpers.
 * blocks: input bytes; the block read is blocks[start .. start + 136).
 * start:  byte offset of the block inside blocks.
 *
 * The caller must guarantee start + 136 <= length of blocks; this function
 * performs no length check of its own (what the Eurydice slice macros and
 * unwrap_26_68 do on a short slice is defined elsewhere in the file).
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_5b(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  const size_t lane_count = (size_t)136U / (size_t)8U;
  /* 25 entries as in the full state; only the first lane_count are filled. */
  uint64_t block_lanes[25U] = {0U};

  /* Pass 1: decode the block into little-endian 64-bit lanes. */
  for (size_t lane = (size_t)0U; lane < lane_count; lane++) {
    const size_t pos = start + (size_t)8U * lane;
    uint8_t lane_bytes[8U];
    Result_15 converted;
    Eurydice_slice_to_array2(
        &converted,
        Eurydice_slice_subslice3(blocks, pos, pos + (size_t)8U, uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(converted, lane_bytes);
    block_lanes[lane] = core_num__u64__from_le_bytes(lane_bytes);
  }

  /* Pass 2: XOR each decoded lane into state position (lane / 5, lane % 5). */
  for (size_t lane = (size_t)0U; lane < lane_count; lane++) {
    const size_t gi = lane / (size_t)5U;
    const size_t gj = lane % (size_t)5U;
    const uint64_t mixed =
        libcrux_sha3_traits_get_ij_04(state, gi, gj)[0U] ^ block_lanes[lane];
    libcrux_sha3_traits_set_ij_04(state, gi, gj, mixed);
  }
}
3468
3469 /**
3470 This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
3471 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3472 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3473 u64}]}
3474 */
3475 /**
3476 A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
3477 with const generics
3478 - RATE= 136
3479 */
/*
 * Absorb trait adapter for RATE = 136: unpacks the state's lane array and
 * the first (only) input slice, then calls load_block_5b.
 * Only input[0] is read; start is forwarded unchanged.
 */
static inline void libcrux_sha3_simd_portable_load_block_a1_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  uint64_t *lanes = self->st;
  Eurydice_slice only_input = input[0U];
  libcrux_sha3_simd_portable_load_block_5b(lanes, only_input, start);
}
3485
3486 /**
3487 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3488 N>[TraitClause@0, TraitClause@1]}
3489 */
3490 /**
3491 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
3492 with types uint64_t
3493 with const generics
3494 - N= 1
3495 - RATE= 136
3496 */
/*
 * Absorb one full 136-byte block: XOR it into the state, then permute.
 * blocks[0] must contain at least start + 136 bytes; no check is made here.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_absorb_block_80_c60(
    libcrux_sha3_generic_keccak_KeccakState_17 *self,
    Eurydice_slice *blocks,
    size_t start)
{
  /* Order matters: the permutation must see the freshly XORed block. */
  libcrux_sha3_simd_portable_load_block_a1_5b(self, blocks, start);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
3503
3504 /**
3505 A monomorphic instance of libcrux_sha3.simd.portable.load_last
3506 with const generics
3507 - RATE= 136
3508 - DELIMITER= 6
3509 */
/*
 * Pad and XOR the final partial block, RATE = 136, delimiter 6.
 *
 * blocks[start .. start + len) is copied to the front of a zeroed 136-byte
 * buffer, the delimiter byte is stored right after it, bit 7 of the last
 * buffer byte is set, and the buffer is loaded as one block.
 *
 * Precondition: len < 136. buffer[len] is a plain array store with no
 * bounds check in this function, so len >= 136 writes past the stack
 * buffer. Callers in this file that pass data_len % 136 satisfy this.
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t buffer[136U] = {0U};
  const size_t final_idx = (size_t)136U - (size_t)1U;

  Eurydice_slice tail_src =
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      tail_src, uint8_t);

  buffer[len] = 6U;
  /* OR, not assignment: when len == 135 both markers share one byte. */
  buffer[final_idx] = (uint32_t)buffer[final_idx] | 128U;

  libcrux_sha3_simd_portable_load_block_5b(
      state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t),
      (size_t)0U);
  /* NOTE(review): buffer keeps a copy of the message tail and is not
   * cleared before return. */
}
3523
3524 /**
3525 This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
3526 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3527 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3528 u64}]}
3529 */
3530 /**
3531 A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
3532 with const generics
3533 - RATE= 136
3534 - DELIMITER= 6
3535 */
/*
 * Absorb trait adapter for the final block, RATE = 136 / delimiter 6.
 * Forwards input[0], start and len to load_last_ad, which requires
 * len < 136; nothing is validated at this level.
 */
static inline void libcrux_sha3_simd_portable_load_last_a1_ad(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  Eurydice_slice only_input = input[0U];
  libcrux_sha3_simd_portable_load_last_ad(lanes, only_input, start, len);
}
3541
3542 /**
3543 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3544 N>[TraitClause@0, TraitClause@1]}
3545 */
3546 /**
3547 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
3548 with types uint64_t
3549 with const generics
3550 - N= 1
3551 - RATE= 136
3552 - DELIM= 6
3553 */
/*
 * Absorb the padded final block (RATE = 136, delimiter 6), then permute.
 * len is the number of message bytes left at last[0][start..] and must be
 * smaller than 136; the bound is not checked on this path.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_absorb_final_80_9e0(
    libcrux_sha3_generic_keccak_KeccakState_17 *self,
    Eurydice_slice *last,
    size_t start,
    size_t len)
{
  /* Pad + XOR first, permutation second. */
  libcrux_sha3_simd_portable_load_last_a1_ad(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
3560
3561 /**
3562 A monomorphic instance of libcrux_sha3.simd.portable.store_block
3563 with const generics
3564 - RATE= 136
3565 */
/*
 * Serialise the first len bytes of the state into out[start .. start + len)
 * as little-endian 64-bit lanes (RATE = 136 instance).
 *
 * s:     lane array, read through get_ij.
 * out:   destination slice.
 * start: byte offset in out where writing begins.
 * len:   number of bytes to write; a trailing partial lane is truncated.
 *
 * Nothing in this function bounds len or checks that start + len fits in
 * out; both are the caller's responsibility (whether the Eurydice slice
 * macros check anything is not visible here).
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_5b(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  const size_t full_lanes = len / (size_t)8U;

  /* Whole 8-byte lanes. */
  for (size_t lane = (size_t)0U; lane < full_lanes; lane++) {
    Eurydice_slice out_chunk = Eurydice_slice_subslice3(
        out, start + (size_t)8U * lane,
        start + (size_t)8U * lane + (size_t)8U, uint8_t *);
    uint8_t lane_bytes[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, lane / (size_t)5U,
                                      lane % (size_t)5U)[0U],
        lane_bytes);
    Eurydice_slice_copy(
        out_chunk, Eurydice_array_to_slice((size_t)8U, lane_bytes, uint8_t),
        uint8_t);
  }

  const size_t tail = len % (size_t)8U;
  if (tail == (size_t)0U) {
    return;
  }

  /* Partial lane: encode the next lane in full, copy only its first bytes. */
  Eurydice_slice out_tail = Eurydice_slice_subslice3(
      out, start + len - tail, start + len, uint8_t *);
  uint8_t tail_bytes[8U];
  core_num__u64__to_le_bytes(
      libcrux_sha3_traits_get_ij_04(s, full_lanes / (size_t)5U,
                                    full_lanes % (size_t)5U)[0U],
      tail_bytes);
  Eurydice_slice_copy(
      out_tail,
      Eurydice_array_to_subslice3(tail_bytes, (size_t)0U, tail, uint8_t *),
      uint8_t);
}
3596
3597 /**
3598 This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
3599 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3600 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3601 u64}]}
3602 */
3603 /**
3604 A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
3605 with const generics
3606 - RATE= 136
3607 */
/*
 * Squeeze1 entry point for RATE = 136: forwards to store_block_5b on the
 * state's lane array. No permutation is applied here.
 */
static inline void libcrux_sha3_simd_portable_squeeze_13_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  libcrux_sha3_simd_portable_store_block_5b(lanes, out, start, len);
}
3613
3614 /**
3615 A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
3616 with const generics
3617 - RATE= 136
3618 - DELIM= 6
3619 */
/*
 * One-shot Keccak sponge over a single input slice, RATE = 136 bytes per
 * block, final-block delimiter 6.
 *
 * data: message to absorb (any length).
 * out:  destination; exactly Eurydice_slice_len(out) bytes are produced.
 *       The output length is taken from the slice, not from the algorithm,
 *       so a caller passing a wrong-sized slice gets a shorter or longer
 *       stream instead of an error.
 */
static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad(
    Eurydice_slice data, Eurydice_slice out) {
  const size_t rate = (size_t)136U;
  libcrux_sha3_generic_keccak_KeccakState_17 sponge =
      libcrux_sha3_generic_keccak_new_80_04();

  /* Absorb every complete rate-sized block of the input. */
  const size_t in_len = Eurydice_slice_len(data, uint8_t);
  const size_t full_in_blocks = in_len / rate;
  for (size_t blk = (size_t)0U; blk < full_in_blocks; blk++) {
    Eurydice_slice block_src[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c60(&sponge, block_src,
                                                    blk * rate);
  }

  /* tail_len < rate by construction, which is what load_last_ad requires. */
  const size_t tail_len = in_len % rate;
  Eurydice_slice tail_src[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e0(&sponge, tail_src,
                                                  in_len - tail_len, tail_len);

  /* Squeeze: whole blocks first, then whatever is left of the request. */
  const size_t out_len = Eurydice_slice_len(out, uint8_t);
  const size_t full_out_blocks = out_len / rate;
  const size_t whole_bytes = out_len - out_len % rate;

  if (full_out_blocks == (size_t)0U) {
    /* Less than one block requested: a single partial squeeze. */
    libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, (size_t)0U,
                                             out_len);
    return;
  }

  /* The first block needs no extra permutation after absorb_final. */
  libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, (size_t)0U, rate);
  for (size_t blk = (size_t)1U; blk < full_out_blocks; blk++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&sponge);
    libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, blk * rate, rate);
  }
  if (whole_bytes < out_len) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&sponge);
    libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, whole_bytes,
                                             out_len - whole_bytes);
  }
  /* NOTE(review): the sponge state is not cleared before returning; when
   * the input is secret, the final state stays in this stack frame. */
}
3652
3653 /**
3654 A portable SHA3 256 implementation.
3655 */
/*
 * SHA3-256 front end: runs the RATE = 136 / delimiter 6 sponge.
 *
 * Argument order is (digest, data) here and (data, out) in keccak1_ad.
 * The number of bytes written is the length of the digest slice; this
 * wrapper does not check that it is 32 bytes, so the caller must pass a
 * slice of exactly that size.
 */
static KRML_MUSTINLINE void
libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data)
{
  libcrux_sha3_generic_keccak_portable_keccak1_ad(data, digest);
}
3660
3661 /**
3662 A monomorphic instance of libcrux_sha3.simd.portable.load_last
3663 with const generics
3664 - RATE= 136
3665 - DELIMITER= 31
3666 */
/*
 * Pad and XOR the final partial block, RATE = 136, delimiter 31.
 *
 * Same layout as the delimiter-6 instance: message tail at the front of a
 * zeroed 136-byte buffer, delimiter byte right after it, bit 7 of the last
 * buffer byte set, then the buffer is loaded as one block. Only the
 * delimiter differs, which keeps this output domain separate from the
 * delimiter-6 one.
 *
 * Precondition: len < 136. buffer[len] is a plain array store with no
 * bounds check in this function, so len >= 136 writes past the stack
 * buffer.
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad0(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t buffer[136U] = {0U};
  const size_t final_idx = (size_t)136U - (size_t)1U;

  Eurydice_slice tail_src =
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      tail_src, uint8_t);

  buffer[len] = 31U;
  /* OR, not assignment: when len == 135 both markers share one byte. */
  buffer[final_idx] = (uint32_t)buffer[final_idx] | 128U;

  libcrux_sha3_simd_portable_load_block_5b(
      state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t),
      (size_t)0U);
  /* NOTE(review): buffer keeps a copy of the message tail and is not
   * cleared before return. */
}
3680
3681 /**
3682 This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
3683 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3684 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3685 u64}]}
3686 */
3687 /**
3688 A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
3689 with const generics
3690 - RATE= 136
3691 - DELIMITER= 31
3692 */
/*
 * Absorb trait adapter for the final block, RATE = 136 / delimiter 31.
 * Forwards input[0], start and len to load_last_ad0, which requires
 * len < 136; nothing is validated at this level.
 */
static inline void libcrux_sha3_simd_portable_load_last_a1_ad0(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  Eurydice_slice only_input = input[0U];
  libcrux_sha3_simd_portable_load_last_ad0(lanes, only_input, start, len);
}
3698
3699 /**
3700 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3701 N>[TraitClause@0, TraitClause@1]}
3702 */
3703 /**
3704 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
3705 with types uint64_t
3706 with const generics
3707 - N= 1
3708 - RATE= 136
3709 - DELIM= 31
3710 */
/*
 * Absorb the padded final block (RATE = 136, delimiter 31), then permute.
 * len is the number of message bytes left at last[0][start..] and must be
 * smaller than 136; the bound is not checked on this path.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_absorb_final_80_9e1(
    libcrux_sha3_generic_keccak_KeccakState_17 *self,
    Eurydice_slice *last,
    size_t start,
    size_t len)
{
  /* Pad + XOR first, permutation second. */
  libcrux_sha3_simd_portable_load_last_a1_ad0(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
3717
3718 /**
3719 A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
3720 with const generics
3721 - RATE= 136
3722 - DELIM= 31
3723 */
/*
 * One-shot Keccak sponge over a single input slice, RATE = 136 bytes per
 * block, final-block delimiter 31 (the variable-output instance used by
 * the SHAKE256 wrapper).
 *
 * data: message to absorb (any length).
 * out:  destination; exactly Eurydice_slice_len(out) bytes are produced,
 *       so the caller chooses the output length through the slice.
 */
static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad0(
    Eurydice_slice data, Eurydice_slice out) {
  const size_t rate = (size_t)136U;
  libcrux_sha3_generic_keccak_KeccakState_17 sponge =
      libcrux_sha3_generic_keccak_new_80_04();

  /* Absorb every complete rate-sized block of the input. */
  const size_t in_len = Eurydice_slice_len(data, uint8_t);
  const size_t full_in_blocks = in_len / rate;
  for (size_t blk = (size_t)0U; blk < full_in_blocks; blk++) {
    Eurydice_slice block_src[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c60(&sponge, block_src,
                                                    blk * rate);
  }

  /* tail_len < rate by construction, which is what load_last_ad0 requires. */
  const size_t tail_len = in_len % rate;
  Eurydice_slice tail_src[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e1(&sponge, tail_src,
                                                  in_len - tail_len, tail_len);

  /* Squeeze: whole blocks first, then whatever is left of the request. */
  const size_t out_len = Eurydice_slice_len(out, uint8_t);
  const size_t full_out_blocks = out_len / rate;
  const size_t whole_bytes = out_len - out_len % rate;

  if (full_out_blocks == (size_t)0U) {
    /* Less than one block requested: a single partial squeeze. */
    libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, (size_t)0U,
                                             out_len);
    return;
  }

  /* The first block needs no extra permutation after absorb_final. */
  libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, (size_t)0U, rate);
  for (size_t blk = (size_t)1U; blk < full_out_blocks; blk++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&sponge);
    libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, blk * rate, rate);
  }
  if (whole_bytes < out_len) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&sponge);
    libcrux_sha3_simd_portable_squeeze_13_5b(&sponge, out, whole_bytes,
                                             out_len - whole_bytes);
  }
  /* NOTE(review): the sponge state is not cleared before returning; when
   * the input is secret, the final state stays in this stack frame. */
}
3756
3757 /**
3758 A portable SHAKE256 implementation.
3759 */
/*
 * SHAKE256 front end: runs the RATE = 136 / delimiter 31 sponge.
 *
 * Argument order is (digest, data) here and (data, out) in keccak1_ad0.
 * The output length is whatever length the digest slice has; there is no
 * separate length parameter and no minimum is enforced.
 */
static KRML_MUSTINLINE void
libcrux_sha3_portable_shake256(Eurydice_slice digest, Eurydice_slice data)
{
  libcrux_sha3_generic_keccak_portable_keccak1_ad0(data, digest);
}
3764
/*
 * Alias under the libcrux_sha3_portable_ prefix for the KeccakState_17
 * type (KeccakState<u64, 1usize> in the generated comments) that the
 * portable functions in this file operate on.
 */
typedef libcrux_sha3_generic_keccak_KeccakState_17
    libcrux_sha3_portable_KeccakState;
3767
3768 /**
3769 Create a new SHAKE-128 state object.
3770 */
/*
 * Return a fresh Keccak state for incremental SHAKE-128 use.
 *
 * The state comes straight from new_80_04(); nothing SHAKE-128 specific
 * is stored in it. The 168-byte rate and delimiter 31 are applied by the
 * absorb_final / squeeze functions the caller uses afterwards.
 */
static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_portable_incremental_shake128_init(void) {
  libcrux_sha3_generic_keccak_KeccakState_17 fresh =
      libcrux_sha3_generic_keccak_new_80_04();
  return fresh;
}
3775
3776 /**
3777 A monomorphic instance of libcrux_sha3.simd.portable.load_block
3778 with const generics
3779 - RATE= 168
3780 */
/*
 * XOR one 168-byte block into the Keccak state.
 *
 * state:  lane array, indexed through the get_ij/set_ij helpers.
 * blocks: input bytes; the block read is blocks[start .. start + 168).
 * start:  byte offset of the block inside blocks.
 *
 * The caller must guarantee start + 168 <= length of blocks; this function
 * performs no length check of its own (what the Eurydice slice macros and
 * unwrap_26_68 do on a short slice is defined elsewhere in the file).
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_3a(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  const size_t lane_count = (size_t)168U / (size_t)8U;
  /* 25 entries as in the full state; only the first lane_count are filled. */
  uint64_t block_lanes[25U] = {0U};

  /* Pass 1: decode the block into little-endian 64-bit lanes. */
  for (size_t lane = (size_t)0U; lane < lane_count; lane++) {
    const size_t pos = start + (size_t)8U * lane;
    uint8_t lane_bytes[8U];
    Result_15 converted;
    Eurydice_slice_to_array2(
        &converted,
        Eurydice_slice_subslice3(blocks, pos, pos + (size_t)8U, uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(converted, lane_bytes);
    block_lanes[lane] = core_num__u64__from_le_bytes(lane_bytes);
  }

  /* Pass 2: XOR each decoded lane into state position (lane / 5, lane % 5). */
  for (size_t lane = (size_t)0U; lane < lane_count; lane++) {
    const size_t gi = lane / (size_t)5U;
    const size_t gj = lane % (size_t)5U;
    const uint64_t mixed =
        libcrux_sha3_traits_get_ij_04(state, gi, gj)[0U] ^ block_lanes[lane];
    libcrux_sha3_traits_set_ij_04(state, gi, gj, mixed);
  }
}
3806
3807 /**
3808 A monomorphic instance of libcrux_sha3.simd.portable.load_last
3809 with const generics
3810 - RATE= 168
3811 - DELIMITER= 31
3812 */
/*
 * Pad and XOR the final partial block, RATE = 168, delimiter 31.
 *
 * blocks[start .. start + len) is copied to the front of a zeroed 168-byte
 * buffer, the delimiter byte is stored right after it, bit 7 of the last
 * buffer byte is set, and the buffer is loaded as one block.
 *
 * Precondition: len < 168. buffer[len] is a plain array store with no
 * bounds check in this function, so len >= 168 writes past the stack
 * buffer. The incremental SHAKE-128 absorb_final in this file passes the
 * whole input length as len, so the bound must hold for its input.
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_c6(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t buffer[168U] = {0U};
  const size_t final_idx = (size_t)168U - (size_t)1U;

  Eurydice_slice tail_src =
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      tail_src, uint8_t);

  buffer[len] = 31U;
  /* OR, not assignment: when len == 167 both markers share one byte. */
  buffer[final_idx] = (uint32_t)buffer[final_idx] | 128U;

  libcrux_sha3_simd_portable_load_block_3a(
      state, Eurydice_array_to_slice((size_t)168U, buffer, uint8_t),
      (size_t)0U);
  /* NOTE(review): buffer keeps a copy of the input and is not cleared
   * before return. */
}
3826
3827 /**
3828 This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
3829 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3830 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3831 u64}]}
3832 */
3833 /**
3834 A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
3835 with const generics
3836 - RATE= 168
3837 - DELIMITER= 31
3838 */
/*
 * Absorb trait adapter for the final block, RATE = 168 / delimiter 31.
 * Forwards input[0], start and len to load_last_c6, which requires
 * len < 168; nothing is validated at this level.
 */
static inline void libcrux_sha3_simd_portable_load_last_a1_c6(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  Eurydice_slice only_input = input[0U];
  libcrux_sha3_simd_portable_load_last_c6(lanes, only_input, start, len);
}
3844
3845 /**
3846 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
3847 N>[TraitClause@0, TraitClause@1]}
3848 */
3849 /**
3850 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
3851 with types uint64_t
3852 with const generics
3853 - N= 1
3854 - RATE= 168
3855 - DELIM= 31
3856 */
/*
 * Absorb the padded final block (RATE = 168, delimiter 31), then permute.
 * len is the number of message bytes left at last[0][start..] and must be
 * smaller than 168; the bound is not checked on this path.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_absorb_final_80_9e2(
    libcrux_sha3_generic_keccak_KeccakState_17 *self,
    Eurydice_slice *last,
    size_t start,
    size_t len)
{
  /* Pad + XOR first, permutation second. */
  libcrux_sha3_simd_portable_load_last_a1_c6(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
3863
3864 /**
3865 Absorb
3866 */
/*
 * Absorb data0 as the one and only (final) SHAKE-128 input block.
 *
 * The whole slice is handed to absorb_final_80_9e2 with start = 0 and
 * len = length of data0. There is no loop over full blocks here, so
 * data0 must be shorter than the 168-byte rate: load_last_c6 stores the
 * delimiter at buffer[len] in a 168-byte stack buffer and nothing on this
 * path checks len. Callers with longer input need a different entry
 * point.
 */
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_absorb_final(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) {
  Eurydice_slice only_input[1U] = {data0};
  const size_t input_len = Eurydice_slice_len(data0, uint8_t);
  libcrux_sha3_generic_keccak_absorb_final_80_9e2(s, only_input, (size_t)0U,
                                                  input_len);
}
3875
3876 /**
3877 A monomorphic instance of libcrux_sha3.simd.portable.store_block
3878 with const generics
3879 - RATE= 168
3880 */
/*
 * Serialise the first len bytes of the state into out[start .. start + len)
 * as little-endian 64-bit lanes (RATE = 168 instance).
 *
 * s:     lane array, read through get_ij.
 * out:   destination slice.
 * start: byte offset in out where writing begins.
 * len:   number of bytes to write; a trailing partial lane is truncated.
 *
 * Nothing in this function bounds len or checks that start + len fits in
 * out; both are the caller's responsibility (whether the Eurydice slice
 * macros check anything is not visible here).
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_3a(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  const size_t full_lanes = len / (size_t)8U;

  /* Whole 8-byte lanes. */
  for (size_t lane = (size_t)0U; lane < full_lanes; lane++) {
    Eurydice_slice out_chunk = Eurydice_slice_subslice3(
        out, start + (size_t)8U * lane,
        start + (size_t)8U * lane + (size_t)8U, uint8_t *);
    uint8_t lane_bytes[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, lane / (size_t)5U,
                                      lane % (size_t)5U)[0U],
        lane_bytes);
    Eurydice_slice_copy(
        out_chunk, Eurydice_array_to_slice((size_t)8U, lane_bytes, uint8_t),
        uint8_t);
  }

  const size_t tail = len % (size_t)8U;
  if (tail == (size_t)0U) {
    return;
  }

  /* Partial lane: encode the next lane in full, copy only its first bytes. */
  Eurydice_slice out_tail = Eurydice_slice_subslice3(
      out, start + len - tail, start + len, uint8_t *);
  uint8_t tail_bytes[8U];
  core_num__u64__to_le_bytes(
      libcrux_sha3_traits_get_ij_04(s, full_lanes / (size_t)5U,
                                    full_lanes % (size_t)5U)[0U],
      tail_bytes);
  Eurydice_slice_copy(
      out_tail,
      Eurydice_array_to_subslice3(tail_bytes, (size_t)0U, tail, uint8_t *),
      uint8_t);
}
3911
3912 /**
3913 This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
3914 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
3915 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3916 u64}]}
3917 */
3918 /**
3919 A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
3920 with const generics
3921 - RATE= 168
3922 */
/*
 * Squeeze1 entry point for RATE = 168: forwards to store_block_3a on the
 * state's lane array. No permutation is applied here.
 */
static inline void libcrux_sha3_simd_portable_squeeze_13_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  libcrux_sha3_simd_portable_store_block_3a(lanes, out, start, len);
}
3928
3929 /**
3930 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
3931 1usize>[core::marker::Sized<u64>,
3932 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3933 u64}]}
3934 */
3935 /**
3936 A monomorphic instance of
3937 libcrux_sha3.generic_keccak.portable.squeeze_first_three_blocks_b4 with const
3938 generics
3939 - RATE= 168
3940 */
/*
 * Squeeze the first three 168-byte output blocks into out[0 .. 504).
 *
 * Block 0 is read from the state as it stands (the caller has already run
 * absorb_final); the state is permuted before each of blocks 1 and 2.
 * out must provide at least 3 * 168 = 504 bytes; no length check is made
 * here.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) {
  const size_t rate = (size_t)168U;

  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)0U, rate);

  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, rate, rate);

  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)2U * rate, rate);
}
3952
3953 /**
3954 Squeeze three blocks
3955 */
/*
 * Incremental SHAKE-128: write the first three output blocks to out0.
 *
 * Thin wrapper over squeeze_first_three_blocks_b4_3a, which writes
 * 3 * 168 = 504 bytes starting at offset 0 of out0. The size of out0 is
 * not checked; the caller must supply at least 504 bytes.
 */
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0)
{
  libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a(
      s, out0);
}
3962
3963 /**
3964 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
3965 1usize>[core::marker::Sized<u64>,
3966 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
3967 u64}]}
3968 */
3969 /**
3970 A monomorphic instance of
3971 libcrux_sha3.generic_keccak.portable.squeeze_next_block_b4 with const generics
3972 - RATE= 168
3973 */
/*
 * Produce one further 168-byte output block at out[start .. start + 168).
 *
 * The state is permuted first, so this must only be called after an
 * earlier squeeze has consumed the current state. out must hold at least
 * start + 168 bytes; no length check is made here.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start) {
  const size_t rate = (size_t)168U;
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, start, rate);
}
3981
3982 /**
3983 Squeeze another block
3984 */
/*
 * Incremental SHAKE-128: permute the state and write the next 168-byte
 * block to the start of out0 (offset 0 is fixed by this wrapper).
 * out0 must hold at least 168 bytes; its size is not checked.
 */
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0)
{
  const size_t at_front = (size_t)0U;
  libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a(s, out0,
                                                                at_front);
}
3991
/*
 * Tag values of libcrux_sha3_Algorithm. The tag is carried in a uint8_t,
 * so any value outside 1..4 is representable; libcrux_sha3_digest_size
 * routes such values to its default branch.
 */
#define libcrux_sha3_Algorithm_Sha224 1
#define libcrux_sha3_Algorithm_Sha256 2
#define libcrux_sha3_Algorithm_Sha384 3
#define libcrux_sha3_Algorithm_Sha512 4

typedef uint8_t libcrux_sha3_Algorithm;

/* Fixed-size digest buffers: the array length is the digest size in bytes. */
typedef uint8_t libcrux_sha3_Sha3_224Digest[28U];

typedef uint8_t libcrux_sha3_Sha3_256Digest[32U];

typedef uint8_t libcrux_sha3_Sha3_384Digest[48U];

typedef uint8_t libcrux_sha3_Sha3_512Digest[64U];
4006
4007 /**
4008 Returns the output size of a digest.
4009 */
/*
 * Map an algorithm tag to its digest length in bytes:
 * Sha224 -> 28, Sha256 -> 32, Sha384 -> 48, Sha512 -> 64.
 *
 * Any other tag reaches KRML_HOST_EXIT, which this file defines as
 * fatal_f("internal error"). The result is preset to 28, so if that macro
 * were ever redefined to return, an unknown tag would be reported as a
 * 28-byte digest rather than as an error.
 */
static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) {
  size_t size = (size_t)28U;

  if (mode == libcrux_sha3_Algorithm_Sha224) {
    /* keep the preset 28 */
  } else if (mode == libcrux_sha3_Algorithm_Sha256) {
    size = (size_t)32U;
  } else if (mode == libcrux_sha3_Algorithm_Sha384) {
    size = (size_t)48U;
  } else if (mode == libcrux_sha3_Algorithm_Sha512) {
    size = (size_t)64U;
  } else {
    KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
                      __LINE__);
    KRML_HOST_EXIT(253U);
  }
  return size;
}
4032
4033 /**
4034 A monomorphic instance of libcrux_sha3.simd.portable.load_block
4035 with const generics
4036 - RATE= 144
4037 */
/*
 * XOR one 144-byte block into the Keccak state.
 *
 * state:  lane array, indexed through the get_ij/set_ij helpers.
 * blocks: input bytes; the block read is blocks[start .. start + 144).
 * start:  byte offset of the block inside blocks.
 *
 * The caller must guarantee start + 144 <= length of blocks; this function
 * performs no length check of its own (what the Eurydice slice macros and
 * unwrap_26_68 do on a short slice is defined elsewhere in the file).
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_2c(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  const size_t lane_count = (size_t)144U / (size_t)8U;
  /* 25 entries as in the full state; only the first lane_count are filled. */
  uint64_t block_lanes[25U] = {0U};

  /* Pass 1: decode the block into little-endian 64-bit lanes. */
  for (size_t lane = (size_t)0U; lane < lane_count; lane++) {
    const size_t pos = start + (size_t)8U * lane;
    uint8_t lane_bytes[8U];
    Result_15 converted;
    Eurydice_slice_to_array2(
        &converted,
        Eurydice_slice_subslice3(blocks, pos, pos + (size_t)8U, uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(converted, lane_bytes);
    block_lanes[lane] = core_num__u64__from_le_bytes(lane_bytes);
  }

  /* Pass 2: XOR each decoded lane into state position (lane / 5, lane % 5). */
  for (size_t lane = (size_t)0U; lane < lane_count; lane++) {
    const size_t gi = lane / (size_t)5U;
    const size_t gj = lane % (size_t)5U;
    const uint64_t mixed =
        libcrux_sha3_traits_get_ij_04(state, gi, gj)[0U] ^ block_lanes[lane];
    libcrux_sha3_traits_set_ij_04(state, gi, gj, mixed);
  }
}
4063
4064 /**
4065 This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
4066 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
4067 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
4068 u64}]}
4069 */
4070 /**
4071 A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
4072 with const generics
4073 - RATE= 144
4074 */
/*
 * Absorb trait adapter for RATE = 144: unpacks the state's lane array and
 * the first (only) input slice, then calls load_block_2c.
 * Only input[0] is read; start is forwarded unchanged.
 */
static inline void libcrux_sha3_simd_portable_load_block_a1_2c(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  uint64_t *lanes = self->st;
  Eurydice_slice only_input = input[0U];
  libcrux_sha3_simd_portable_load_block_2c(lanes, only_input, start);
}
4080
4081 /**
4082 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
4083 N>[TraitClause@0, TraitClause@1]}
4084 */
4085 /**
4086 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
4087 with types uint64_t
4088 with const generics
4089 - N= 1
4090 - RATE= 144
4091 */
/*
 * Absorb one full 144-byte block: XOR it into the state, then permute.
 * blocks[0] must contain at least start + 144 bytes; no check is made here.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_absorb_block_80_c61(
    libcrux_sha3_generic_keccak_KeccakState_17 *self,
    Eurydice_slice *blocks,
    size_t start)
{
  /* Order matters: the permutation must see the freshly XORed block. */
  libcrux_sha3_simd_portable_load_block_a1_2c(self, blocks, start);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
4098
4099 /**
4100 A monomorphic instance of libcrux_sha3.simd.portable.load_last
4101 with const generics
4102 - RATE= 144
4103 - DELIMITER= 6
4104 */
/*
 * Pad and XOR the final partial block, RATE = 144, delimiter 6.
 *
 * blocks[start .. start + len) is copied to the front of a zeroed 144-byte
 * buffer, the delimiter byte is stored right after it, bit 7 of the last
 * buffer byte is set, and the buffer is loaded as one block.
 *
 * Precondition: len < 144. buffer[len] is a plain array store with no
 * bounds check in this function, so len >= 144 writes past the stack
 * buffer.
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_1e(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t buffer[144U] = {0U};
  const size_t final_idx = (size_t)144U - (size_t)1U;

  Eurydice_slice tail_src =
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *),
      tail_src, uint8_t);

  buffer[len] = 6U;
  /* OR, not assignment: when len == 143 both markers share one byte. */
  buffer[final_idx] = (uint32_t)buffer[final_idx] | 128U;

  libcrux_sha3_simd_portable_load_block_2c(
      state, Eurydice_array_to_slice((size_t)144U, buffer, uint8_t),
      (size_t)0U);
  /* NOTE(review): buffer keeps a copy of the message tail and is not
   * cleared before return. */
}
4118
4119 /**
4120 This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
4121 libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
4122 libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
4123 u64}]}
4124 */
4125 /**
4126 A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
4127 with const generics
4128 - RATE= 144
4129 - DELIMITER= 6
4130 */
/*
 * Absorb trait adapter for the final block, RATE = 144 / delimiter 6.
 * Forwards input[0], start and len to load_last_1e, which requires
 * len < 144; nothing is validated at this level.
 */
static inline void libcrux_sha3_simd_portable_load_last_a1_1e(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  Eurydice_slice only_input = input[0U];
  libcrux_sha3_simd_portable_load_last_1e(lanes, only_input, start, len);
}
4136
4137 /**
4138 This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
4139 N>[TraitClause@0, TraitClause@1]}
4140 */
4141 /**
4142 A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
4143 with types uint64_t
4144 with const generics
4145 - N= 1
4146 - RATE= 144
4147 - DELIM= 6
4148 */
/*
 * Absorb the padded final block (RATE = 144, delimiter 6), then permute.
 * len is the number of message bytes left at last[0][start..] and must be
 * smaller than 144; the bound is not checked on this path.
 */
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_absorb_final_80_9e3(
    libcrux_sha3_generic_keccak_KeccakState_17 *self,
    Eurydice_slice *last,
    size_t start,
    size_t len)
{
  /* Pad + XOR first, permutation second. */
  libcrux_sha3_simd_portable_load_last_a1_1e(self, last, start, len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
4155
4156 /**
4157 A monomorphic instance of libcrux_sha3.simd.portable.store_block
4158 with const generics
4159 - RATE= 144
4160 */
/*
 * Serialise the first len bytes of the state into out[start .. start + len)
 * as little-endian 64-bit lanes (RATE = 144 instance).
 *
 * s:     lane array, read through get_ij.
 * out:   destination slice.
 * start: byte offset in out where writing begins.
 * len:   number of bytes to write; a trailing partial lane is truncated.
 *
 * Nothing in this function bounds len or checks that start + len fits in
 * out; both are the caller's responsibility (whether the Eurydice slice
 * macros check anything is not visible here).
 */
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_2c(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  const size_t full_lanes = len / (size_t)8U;

  /* Whole 8-byte lanes. */
  for (size_t lane = (size_t)0U; lane < full_lanes; lane++) {
    Eurydice_slice out_chunk = Eurydice_slice_subslice3(
        out, start + (size_t)8U * lane,
        start + (size_t)8U * lane + (size_t)8U, uint8_t *);
    uint8_t lane_bytes[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, lane / (size_t)5U,
                                      lane % (size_t)5U)[0U],
        lane_bytes);
    Eurydice_slice_copy(
        out_chunk, Eurydice_array_to_slice((size_t)8U, lane_bytes, uint8_t),
        uint8_t);
  }

  const size_t tail = len % (size_t)8U;
  if (tail == (size_t)0U) {
    return;
  }

  /* Partial lane: encode the next lane in full, copy only its first bytes. */
  Eurydice_slice out_tail = Eurydice_slice_subslice3(
      out, start + len - tail, start + len, uint8_t *);
  uint8_t tail_bytes[8U];
  core_num__u64__to_le_bytes(
      libcrux_sha3_traits_get_ij_04(s, full_lanes / (size_t)5U,
                                    full_lanes % (size_t)5U)[0U],
      tail_bytes);
  Eurydice_slice_copy(
      out_tail,
      Eurydice_array_to_subslice3(tail_bytes, (size_t)0U, tail, uint8_t *),
      uint8_t);
}
4191
/**
This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
with const generics
- RATE= 144

Adapter from the state object to store_block: writes `len` state bytes to
out[start .. start + len]. It does not permute the state.
*/
static inline void libcrux_sha3_simd_portable_squeeze_13_2c(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  libcrux_sha3_simd_portable_store_block_2c(lanes, out, start, len);
}
4208
/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 144
- DELIM= 6

One-shot sponge over a fresh state: absorbs all of `data`, then writes
Eurydice_slice_len(out) bytes to `out`.

The output length comes from `out` alone; nothing here ties it to a digest
size, so callers are responsible for passing a slice of the intended length.

NOTE(review): the local state is not wiped before returning. Whether that
matters depends on what callers hash -- confirm against project policy.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_1e(
    Eurydice_slice data, Eurydice_slice out) {
  const size_t rate = (size_t)144U;
  libcrux_sha3_generic_keccak_KeccakState_17 state =
      libcrux_sha3_generic_keccak_new_80_04();

  /* Absorb every whole rate-sized block, then the remainder. */
  size_t in_len = Eurydice_slice_len(data, uint8_t);
  size_t whole_in = in_len / rate;
  for (size_t blk = (size_t)0U; blk < whole_in; blk++) {
    Eurydice_slice lanes[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c61(&state, lanes, blk * rate);
  }
  size_t tail = in_len % rate; /* always < rate */
  Eurydice_slice last_lanes[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e3(&state, last_lanes,
                                                  in_len - tail, tail);

  /* Squeeze: the first block needs no extra permutation, later ones do. */
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  size_t whole_out = out_len / rate;
  if (whole_out == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_2c(&state, out, (size_t)0U, out_len);
    return;
  }
  libcrux_sha3_simd_portable_squeeze_13_2c(&state, out, (size_t)0U, rate);
  for (size_t blk = (size_t)1U; blk < whole_out; blk++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_2c(&state, out, blk * rate, rate);
  }
  size_t done = out_len - out_len % rate;
  if (done < out_len) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_2c(&state, out, done,
                                             out_len - done);
  }
}
4247
/**
A portable SHA3 224 implementation.

Runs the RATE= 144, DELIM= 6 sponge over `data`. Note the argument order:
this takes (digest, data) while the sponge takes (data, out). The number of
bytes written is the length of `digest`; it is not checked against 28 here.
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
                                                         Eurydice_slice data) {
  /* Arguments are swapped on purpose: keccak1 is (input, output). */
  libcrux_sha3_generic_keccak_portable_keccak1_1e(data, digest);
}
4255
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block
with const generics
- RATE= 104

XORs one 104-byte block, read from blocks[start .. start + 104], into the
first 13 lanes of `state`. Each group of 8 bytes is decoded as a
little-endian 64-bit word; lane k is addressed as (k / 5, k % 5).

No length check is made here: presumably the caller guarantees that `blocks`
holds at least start + 104 bytes (TODO confirm what the Eurydice slice
helpers and unwrap_26_68 do when it does not).
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_7a(
    uint64_t *state, Eurydice_slice blocks, size_t start) {
  uint64_t words[25U] = {0U};

  /* Pass 1: decode the block into 64-bit words. */
  for (size_t lane = (size_t)0U; lane < (size_t)104U / (size_t)8U; lane++) {
    size_t from = start + (size_t)8U * lane;
    uint8_t raw[8U];
    Result_15 conv;
    Eurydice_slice_to_array2(
        &conv,
        Eurydice_slice_subslice3(blocks, from, from + (size_t)8U, uint8_t *),
        Eurydice_slice, uint8_t[8U], TryFromSliceError);
    unwrap_26_68(conv, raw);
    words[lane] = core_num__u64__from_le_bytes(raw);
  }

  /* Pass 2: fold the words into the state. */
  for (size_t lane = (size_t)0U; lane < (size_t)104U / (size_t)8U; lane++) {
    size_t row = lane / (size_t)5U;
    size_t col = lane % (size_t)5U;
    libcrux_sha3_traits_set_ij_04(
        state, row, col,
        libcrux_sha3_traits_get_ij_04(state, row, col)[0U] ^ words[lane]);
  }
}
4286
/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
with const generics
- RATE= 104

Single-lane adapter: XORs the 104-byte block at input[0][start ..] into the
state held by `self`. Only input[0] is read.
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_7a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  Eurydice_slice only_lane = input[0U];
  libcrux_sha3_simd_portable_load_block_7a(self->st, only_lane, start);
}
4303
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
with types uint64_t
with const generics
- N= 1
- RATE= 104

Absorbs one full 104-byte block taken from blocks[0] at offset `start`, then
applies one Keccak-f[1600] permutation.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c62(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start) {
  /* XOR the block into the state ... */
  libcrux_sha3_simd_portable_load_block_a1_7a(self, blocks, start);
  /* ... then permute. */
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
4321
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last
with const generics
- RATE= 104
- DELIMITER= 6

Builds the final padded block and XORs it into `state`:
  1. copy blocks[start .. start + len] into a zeroed 104-byte buffer,
  2. write the delimiter byte 6 at index `len`,
  3. set the top bit (128) of the last buffer byte,
  4. load the buffer as one block.

Precondition: len < 104. The write at index `len` is not bounds-checked in
this function; the call chain in this file (keccak1_7c via absorb_final)
passes data_len % 104, which satisfies it.
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_7c(
    uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) {
  uint8_t padded[104U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(padded, (size_t)0U, len, uint8_t *),
      Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t);

  /* Delimiter first, closing bit second: when len == 103 both land in the
     same byte and must be combined, not overwritten. */
  padded[len] = 6U;
  padded[(size_t)104U - (size_t)1U] |= 128U;

  libcrux_sha3_simd_portable_load_block_7a(
      state, Eurydice_array_to_slice((size_t)104U, padded, uint8_t),
      (size_t)0U);
}
4341
/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1
with const generics
- RATE= 104
- DELIMITER= 6

Single-lane adapter around load_last_7c: pads and loads the final `len`
bytes of input[0] (from offset `start`) into the state of `self`.
`len` must be below 104; it is forwarded unchecked.
*/
static inline void libcrux_sha3_simd_portable_load_last_a1_7c(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start, size_t len) {
  Eurydice_slice only_lane = input[0U];
  libcrux_sha3_simd_portable_load_last_7c(self->st, only_lane, start, len);
}
4359
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80
with types uint64_t
with const generics
- N= 1
- RATE= 104
- DELIM= 6

Pads and absorbs the trailing `len` bytes of last[0] (from offset `start`),
then applies one Keccak-f[1600] permutation. `len` must be below 104; the
caller in this file passes data_len % 104.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e4(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last,
    size_t start, size_t len) {
  /* Padded final block into the state ... */
  libcrux_sha3_simd_portable_load_last_a1_7c(self, last, start, len);
  /* ... then permute. */
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
4378
/**
A monomorphic instance of libcrux_sha3.simd.portable.store_block
with const generics
- RATE= 104

Writes `len` bytes of the Keccak state `s` to out[start .. start + len].
Lane k is read as get_ij(s, k / 5, k % 5) and encoded little-endian; a
trailing len % 8 bytes are the first bytes of the next lane's encoding.

Nothing in this function checks `start`/`len` against the size of `out` or
against the rate -- presumably the caller guarantees both (TODO confirm what
Eurydice_slice_subslice3 enforces, if anything).
*/
static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_7a(
    uint64_t *s, Eurydice_slice out, size_t start, size_t len) {
  size_t whole_lanes = len / (size_t)8U;
  size_t tail_bytes = len % (size_t)8U;

  /* Whole 8-byte lanes. */
  for (size_t lane = (size_t)0U; lane < whole_lanes; lane++) {
    size_t lo = start + (size_t)8U * lane;
    Eurydice_slice dst =
        Eurydice_slice_subslice3(out, lo, lo + (size_t)8U, uint8_t *);
    uint8_t le[8U];
    core_num__u64__to_le_bytes(
        libcrux_sha3_traits_get_ij_04(s, lane / (size_t)5U,
                                      lane % (size_t)5U)[0U],
        le);
    Eurydice_slice_copy(
        dst, Eurydice_array_to_slice((size_t)8U, le, uint8_t), uint8_t);
  }

  if (tail_bytes == (size_t)0U) {
    return;
  }

  /* Partial lane: only the first tail_bytes of its encoding are copied. */
  Eurydice_slice dst_tail = Eurydice_slice_subslice3(
      out, start + len - tail_bytes, start + len, uint8_t *);
  uint8_t le_tail[8U];
  core_num__u64__to_le_bytes(
      libcrux_sha3_traits_get_ij_04(s, whole_lanes / (size_t)5U,
                                    whole_lanes % (size_t)5U)[0U],
      le_tail);
  Eurydice_slice_copy(
      dst_tail,
      Eurydice_array_to_subslice3(le_tail, (size_t)0U, tail_bytes, uint8_t *),
      uint8_t);
}
4414
/**
This function found in impl {libcrux_sha3::traits::Squeeze1<u64> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13
with const generics
- RATE= 104

Adapter from the state object to store_block: writes `len` state bytes to
out[start .. start + len]. It does not permute the state.
*/
static inline void libcrux_sha3_simd_portable_squeeze_13_7a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start, size_t len) {
  uint64_t *lanes = self->st;
  libcrux_sha3_simd_portable_store_block_7a(lanes, out, start, len);
}
4431
/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 104
- DELIM= 6

One-shot sponge over a fresh state: absorbs all of `data`, then writes
Eurydice_slice_len(out) bytes to `out`.

The output length comes from `out` alone; nothing here ties it to a digest
size, so callers are responsible for passing a slice of the intended length.

NOTE(review): the local state is not wiped before returning. Whether that
matters depends on what callers hash -- confirm against project policy.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_7c(
    Eurydice_slice data, Eurydice_slice out) {
  const size_t rate = (size_t)104U;
  libcrux_sha3_generic_keccak_KeccakState_17 state =
      libcrux_sha3_generic_keccak_new_80_04();

  /* Absorb every whole rate-sized block, then the padded remainder. */
  size_t in_len = Eurydice_slice_len(data, uint8_t);
  size_t whole_in = in_len / rate;
  for (size_t blk = (size_t)0U; blk < whole_in; blk++) {
    Eurydice_slice lanes[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c62(&state, lanes, blk * rate);
  }
  size_t tail = in_len % rate; /* always < rate, as load_last requires */
  Eurydice_slice last_lanes[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e4(&state, last_lanes,
                                                  in_len - tail, tail);

  /* Squeeze: the first block needs no extra permutation, later ones do. */
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  size_t whole_out = out_len / rate;
  if (whole_out == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_7a(&state, out, (size_t)0U, out_len);
    return;
  }
  libcrux_sha3_simd_portable_squeeze_13_7a(&state, out, (size_t)0U, rate);
  for (size_t blk = (size_t)1U; blk < whole_out; blk++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_7a(&state, out, blk * rate, rate);
  }
  size_t done = out_len - out_len % rate;
  if (done < out_len) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_7a(&state, out, done,
                                             out_len - done);
  }
}
4470
/**
A portable SHA3 384 implementation.

Runs the RATE= 104, DELIM= 6 sponge over `data`. Note the argument order:
this takes (digest, data) while the sponge takes (data, out). The number of
bytes written is the length of `digest`; it is not checked against 48 here.
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
                                                         Eurydice_slice data) {
  /* Arguments are swapped on purpose: keccak1 is (input, output). */
  libcrux_sha3_generic_keccak_portable_keccak1_7c(data, digest);
}
4478
/**
SHA3 224

Preconditions:
- `digest.len() == 28`

The precondition is not enforced in this C code: the sponge underneath writes
as many bytes as `digest` is long, so a slice of another length silently
yields that many bytes instead of a SHA3-224 digest.
*/
static inline void libcrux_sha3_sha224_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  /* Output slice first, message second. */
  libcrux_sha3_portable_sha224(digest, payload);
}
4489
/**
SHA3 224

Hashes `data` and stores the 28-byte digest in `ret`. The digest is computed
into a zero-initialised local array and then copied out, so `ret` must point
to at least 28 writable bytes.
*/
static inline void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) {
  uint8_t digest[28U] = {0U};
  libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, digest, uint8_t),
                          data);
  memcpy(ret, digest, sizeof digest);
}
4499
/**
SHA3 256

Writes the digest of `payload` into the caller-supplied slice `digest`.
Presumably `digest` is expected to be 32 bytes long; no length is checked
here (TODO confirm in libcrux_sha3_portable_sha256).
*/
static inline void libcrux_sha3_sha256_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  /* Output slice first, message second. */
  libcrux_sha3_portable_sha256(digest, payload);
}
4507
/**
SHA3 256

Hashes `data` and stores the 32-byte digest in `ret`. The digest is computed
into a zero-initialised local array and then copied out, so `ret` must point
to at least 32 writable bytes.
*/
static inline void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) {
  uint8_t digest[32U] = {0U};
  libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, digest, uint8_t),
                          data);
  memcpy(ret, digest, sizeof digest);
}
4517
/**
SHA3 384

Writes the digest of `payload` into the caller-supplied slice `digest`.
The sponge underneath writes as many bytes as `digest` is long and does not
check that length against 48, so callers must pass a 48-byte slice.
*/
static inline void libcrux_sha3_sha384_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  /* Output slice first, message second. */
  libcrux_sha3_portable_sha384(digest, payload);
}
4525
/**
SHA3 384

Hashes `data` and stores the 48-byte digest in `ret`. The digest is computed
into a zero-initialised local array and then copied out, so `ret` must point
to at least 48 writable bytes.
*/
static inline void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) {
  uint8_t digest[48U] = {0U};
  libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, digest, uint8_t),
                          data);
  memcpy(ret, digest, sizeof digest);
}
4535
/**
SHA3 512

Writes the digest of `payload` into the caller-supplied slice `digest`.
Presumably `digest` is expected to be 64 bytes long; no length is checked
here (TODO confirm in libcrux_sha3_portable_sha512).
*/
static inline void libcrux_sha3_sha512_ema(Eurydice_slice digest,
                                           Eurydice_slice payload) {
  /* Output slice first, message second. */
  libcrux_sha3_portable_sha512(digest, payload);
}
4543
/**
SHA3 512

Hashes `data` and stores the 64-byte digest in `ret`. The digest is computed
into a zero-initialised local array and then copied out, so `ret` must point
to at least 64 writable bytes.
*/
static inline void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) {
  uint8_t digest[64U] = {0U};
  libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, digest, uint8_t),
                          data);
  memcpy(ret, digest, sizeof digest);
}
4553
/**
This function found in impl {libcrux_sha3::traits::Absorb<1usize> for
libcrux_sha3::generic_keccak::KeccakState<u64, 1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1
with const generics
- RATE= 168

Single-lane adapter: forwards input[0], the raw lane array of `self` and
`start` to the RATE= 168 load_block routine. Only input[0] is read.
*/
static inline void libcrux_sha3_simd_portable_load_block_a1_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input,
    size_t start) {
  Eurydice_slice only_lane = input[0U];
  libcrux_sha3_simd_portable_load_block_3a(self->st, only_lane, start);
}
4570
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<T,
N>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80
with types uint64_t
with const generics
- N= 1
- RATE= 168

Absorbs one full block taken from blocks[0] at offset `start`, then applies
one Keccak-f[1600] permutation.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c63(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks,
    size_t start) {
  /* Load the block into the state ... */
  libcrux_sha3_simd_portable_load_block_a1_3a(self, blocks, start);
  /* ... then permute. */
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
}
4588
/**
A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1
with const generics
- RATE= 168
- DELIM= 31

One-shot sponge over a fresh state: absorbs all of `data`, then writes
Eurydice_slice_len(out) bytes to `out`. The output length is whatever the
caller's slice says; any length is accepted.

NOTE(review): the local state is not wiped before returning. Whether that
matters depends on what callers hash -- confirm against project policy.
*/
static inline void libcrux_sha3_generic_keccak_portable_keccak1_c6(
    Eurydice_slice data, Eurydice_slice out) {
  const size_t rate = (size_t)168U;
  libcrux_sha3_generic_keccak_KeccakState_17 state =
      libcrux_sha3_generic_keccak_new_80_04();

  /* Absorb every whole rate-sized block, then the remainder. */
  size_t in_len = Eurydice_slice_len(data, uint8_t);
  size_t whole_in = in_len / rate;
  for (size_t blk = (size_t)0U; blk < whole_in; blk++) {
    Eurydice_slice lanes[1U] = {data};
    libcrux_sha3_generic_keccak_absorb_block_80_c63(&state, lanes, blk * rate);
  }
  size_t tail = in_len % rate; /* always < rate */
  Eurydice_slice last_lanes[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e2(&state, last_lanes,
                                                  in_len - tail, tail);

  /* Squeeze: the first block needs no extra permutation, later ones do. */
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  size_t whole_out = out_len / rate;
  if (whole_out == (size_t)0U) {
    libcrux_sha3_simd_portable_squeeze_13_3a(&state, out, (size_t)0U, out_len);
    return;
  }
  libcrux_sha3_simd_portable_squeeze_13_3a(&state, out, (size_t)0U, rate);
  for (size_t blk = (size_t)1U; blk < whole_out; blk++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_3a(&state, out, blk * rate, rate);
  }
  size_t done = out_len - out_len % rate;
  if (done < out_len) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&state);
    libcrux_sha3_simd_portable_squeeze_13_3a(&state, out, done,
                                             out_len - done);
  }
}
4627
/**
A portable SHAKE128 implementation.

Runs the RATE= 168, DELIM= 31 sponge over `data` and fills all of `digest`.
Note the argument order: this takes (digest, data) while the sponge takes
(data, out).
*/
static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
    Eurydice_slice digest, Eurydice_slice data) {
  /* Arguments are swapped on purpose: keccak1 is (input, output). */
  libcrux_sha3_generic_keccak_portable_keccak1_c6(data, digest);
}
4635
/**
SHAKE 128

Writes `out.len()` bytes.

Thin entry point over the portable SHAKE128 routine; `out` is the
destination and `data` the message.
*/
static inline void libcrux_sha3_shake128_ema(Eurydice_slice out,
                                             Eurydice_slice data) {
  /* Destination first, message second. */
  libcrux_sha3_portable_shake128(out, data);
}
4645
/**
SHAKE 256

Writes `out.len()` bytes.

Thin entry point over the portable SHAKE256 routine; `out` is the
destination and `data` the message.
*/
static inline void libcrux_sha3_shake256_ema(Eurydice_slice out,
                                             Eurydice_slice data) {
  /* Destination first, message second. */
  libcrux_sha3_portable_shake256(out, data);
}
4655
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_first_five_blocks_b4 with const
generics
- RATE= 168

Squeezes five consecutive 168-byte blocks into `out` at offsets 0, 168, 336,
504 and 672 (840 bytes requested in total). The state is permuted between
blocks but not before the first one, so this is meant to follow directly
after the final absorb.

The size of `out` is not checked here; presumably the caller supplies at
least 840 bytes.
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_first_five_blocks_b4_3a(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) {
  const size_t rate = (size_t)168U;

  /* Block 0 comes straight from the current state. */
  libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)0U, rate);

  /* Blocks 1..4: permute, then squeeze at the next offset. */
  for (size_t blk = (size_t)1U; blk < (size_t)5U; blk++) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
    libcrux_sha3_simd_portable_squeeze_13_3a(self, out, blk * rate, rate);
  }
}
4685
/**
Squeeze five blocks

Public-named wrapper over the RATE= 168 routine: writes five 168-byte blocks
(840 bytes) to `out0` starting at offset 0. The size of `out0` is not
checked here.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) {
  /* Straight delegation; the state pointer is passed through unchanged. */
  libcrux_sha3_generic_keccak_portable_squeeze_first_five_blocks_b4_3a(s, out0);
}
4694
/**
Absorb some data for SHAKE-256 for the last time

Passes the whole of `data` (offset 0, full slice length) to absorb_final as
the last block. NOTE(review): the length is forwarded as-is, so this
presumably expects `data` to be shorter than one rate block -- confirm
against libcrux_sha3_generic_keccak_absorb_final_80_9e1.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_absorb_final(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data) {
  Eurydice_slice single_lane[1U] = {data};
  libcrux_sha3_generic_keccak_absorb_final_80_9e1(
      s, single_lane, (size_t)0U, Eurydice_slice_len(data, uint8_t));
}
4706
/**
Create a new SHAKE-256 state object.

Returns, by value, whatever libcrux_sha3_generic_keccak_new_80_04 produces.
*/
static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_portable_incremental_shake256_init(void) {
  libcrux_sha3_generic_keccak_KeccakState_17 fresh =
      libcrux_sha3_generic_keccak_new_80_04();
  return fresh;
}
4714
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_first_block_b4 with const generics
- RATE= 136

Squeezes one 136-byte block to the start of `out` without permuting the
state first. The size of `out` is not checked here; presumably it must be at
least 136 bytes.
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_first_block_b4_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) {
  const size_t rate = (size_t)136U;
  libcrux_sha3_simd_portable_squeeze_13_5b(self, out, (size_t)0U, rate);
}
4731
/**
Squeeze the first SHAKE-256 block

Public-named wrapper: writes 136 bytes to the start of `out` and leaves the
permutation to the next squeeze call. The size of `out` is not checked here.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
  /* Straight delegation to the RATE= 136 instance. */
  libcrux_sha3_generic_keccak_portable_squeeze_first_block_b4_5b(s, out);
}
4740
/**
This function found in impl {libcrux_sha3::generic_keccak::KeccakState<u64,
1usize>[core::marker::Sized<u64>,
libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for
u64}]}
*/
/**
A monomorphic instance of
libcrux_sha3.generic_keccak.portable.squeeze_next_block_b4 with const generics
- RATE= 136

Permutes the state, then squeezes one 136-byte block to
out[start .. start + 136]. The size of `out` is not checked here.
*/
static KRML_MUSTINLINE void
libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_5b(
    libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out,
    size_t start) {
  const size_t rate = (size_t)136U;
  /* Permute before squeezing: the previous block already used this state. */
  libcrux_sha3_generic_keccak_keccakf1600_80_04(self);
  libcrux_sha3_simd_portable_squeeze_13_5b(self, out, start, rate);
}
4759
/**
Squeeze the next SHAKE-256 block

Permutes the state and writes the next 136 bytes to `out`. The block always
lands at offset 0 of `out`, so callers wanting a contiguous stream must pass
a slice that already points at the next free position.
*/
static KRML_MUSTINLINE void
libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
    libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) {
  const size_t at_start = (size_t)0U;
  libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_5b(s, out,
                                                                at_start);
}
4769
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.KeccakXofState
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Incremental XOF state: a Keccak state plus a staging buffer that collects
input until a whole 136-byte block is available.
*/
struct libcrux_sha3_generic_keccak_xof_KeccakXofState_e2_s {
  /* The Keccak permutation state that blocks are absorbed into. */
  libcrux_sha3_generic_keccak_KeccakState_17 inner;
  /* Staging buffer: one 136-byte block for the single lane. */
  uint8_t buf[1U][136U];
  /* Number of bytes currently held in buf; the absorb routines in this file
     rely on it staying below 136 between calls and do not re-check it. */
  size_t buf_len;
  /* Set to false by new_35; its other uses are not visible in this part of
     the file. */
  bool sponge;
};

typedef struct libcrux_sha3_generic_keccak_xof_KeccakXofState_e2_s
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2;

/* Public name of the same state type for the incremental SHAKE256 API. */
typedef libcrux_sha3_generic_keccak_xof_KeccakXofState_e2
    libcrux_sha3_portable_incremental_Shake256Xof;
4786
/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.fill_buffer_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Tops up a partially filled staging buffer from the front of inputs[0], but
only when that completes a full 136-byte block.

Returns the number of input bytes consumed: 136 - buf_len when the block was
completed (buf_len is then 136), otherwise 0 with the state untouched.

Relies on self->buf_len being below 136 on entry; that is not checked here,
and a larger value would make `136 - buf_len` wrap around.
*/
static inline size_t libcrux_sha3_generic_keccak_xof_fill_buffer_35_c6(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);

  /* Nothing buffered: the caller can absorb straight from the input. */
  if (self->buf_len == (size_t)0U) {
    return (size_t)0U;
  }
  /* Not enough input to complete a block: leave everything as it is. */
  if (self->buf_len + input_len < (size_t)136U) {
    return (size_t)0U;
  }

  size_t take = (size_t)136U - self->buf_len;
  /* Single lane, so the per-lane copy happens exactly once. */
  Eurydice_slice free_space = Eurydice_array_to_subslice_from(
      (size_t)136U, self->buf[0U], self->buf_len, uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(
      free_space,
      Eurydice_slice_subslice_to(inputs[0U], take, uint8_t, size_t, uint8_t[]),
      uint8_t);
  self->buf_len = self->buf_len + take;
  return take;
}
4823
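/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_full_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Absorbs every complete 136-byte block that the staging buffer plus inputs[0]
can provide:
  1. if fill_buffer completed the staged block, absorb it and reset buf_len;
  2. absorb each further whole block directly from the input.

Returns the number of trailing input bytes (fewer than 136) that were not
absorbed; the caller is expected to buffer them.
*/
static inline size_t libcrux_sha3_generic_keccak_xof_absorb_full_35_c6(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  size_t input_consumed =
      libcrux_sha3_generic_keccak_xof_fill_buffer_35_c6(self, inputs);
  if (input_consumed > (size_t)0U) {
    /* borrowed[] is filled directly from self->buf. It is never pointed at
       a block-scoped temporary, so no stale pointer is stored at any time. */
    Eurydice_slice borrowed[1U];
    for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
      borrowed[i] =
          Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t);
    }
    libcrux_sha3_simd_portable_load_block_a1_5b(&self->inner, borrowed,
                                                (size_t)0U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
    /* The staged block is now in the state; the buffer is free again. */
    self->buf_len = (size_t)0U;
  }

  /* Whatever fill_buffer did not take is absorbed block by block. */
  size_t input_to_consume =
      Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
  size_t num_blocks = input_to_consume / (size_t)136U;
  size_t remainder = input_to_consume % (size_t)136U;
  for (size_t i = (size_t)0U; i < num_blocks; i++) {
    libcrux_sha3_simd_portable_load_block_a1_5b(
        &self->inner, inputs, input_consumed + i * (size_t)136U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  return remainder;
}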
4870
/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136

Incremental absorb: absorbs all complete blocks via absorb_full, then appends
the leftover tail of inputs[0] to the staging buffer at buf_len.

The copy into self->buf is not bounds-checked here. It stays in range as
long as buf_len was below 136 on entry, because absorb_full either resets
buf_len to 0 or returns a remainder that still fits.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_35_c6(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  size_t tail_len =
      libcrux_sha3_generic_keccak_xof_absorb_full_35_c6(self, inputs);
  if (tail_len == (size_t)0U) {
    return;
  }

  /* Single lane: stash the last tail_len input bytes behind what is already
     buffered. */
  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(self->buf[0U], self->buf_len,
                                  self->buf_len + tail_len, uint8_t *),
      Eurydice_slice_subslice_from(inputs[0U], input_len - tail_len, uint8_t,
                                   size_t, uint8_t[]),
      uint8_t);
  self->buf_len = self->buf_len + tail_len;
}
4903
/**
Shake256 absorb
*/
/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize>
for libcrux_sha3::portable::incremental::Shake256Xof}

Feeds `input` to the incremental state. Wraps the slice in a one-element
array because the generic absorb takes one slice per lane.
*/
static inline void libcrux_sha3_portable_incremental_absorb_42(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice input) {
  Eurydice_slice single_lane[1U] = {input};
  libcrux_sha3_generic_keccak_xof_absorb_35_c6(self, single_lane);
}
4917
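/**
This function found in impl
{libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
RATE>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_final_35
with types uint64_t
with const generics
- PARALLEL_LANES= 1
- RATE= 136
- DELIMITER= 31

Finishes absorption: absorbs `inputs` like absorb_35, then hands the
buf_len bytes left in the staging buffer to load_last as the final block
and applies one Keccak-f[1600] permutation.

buf_len is forwarded unchecked as the length of the last block; it is
expected to be below 136 at this point.
*/
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_final_35_9e(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice *inputs) {
  libcrux_sha3_generic_keccak_xof_absorb_35_c6(self, inputs);

  /* borrowed[] is filled directly from self->buf. It is never pointed at a
     block-scoped temporary, so no stale pointer is stored at any time. */
  Eurydice_slice borrowed[1U];
  for (size_t i = (size_t)0U; i < (size_t)1U; i++) {
    borrowed[i] = Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t);
  }
  libcrux_sha3_simd_portable_load_last_a1_ad0(&self->inner, borrowed,
                                              (size_t)0U, self->buf_len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
}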
4950
/**
Shake256 absorb final
*/
/**
This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize>
for libcrux_sha3::portable::incremental::Shake256Xof}

Feeds the last piece of input to the incremental state and finishes
absorption. Wraps the slice in a one-element array because the generic
routine takes one slice per lane.
*/
static inline void libcrux_sha3_portable_incremental_absorb_final_42(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice input) {
  Eurydice_slice single_lane[1U] = {input};
  libcrux_sha3_generic_keccak_xof_absorb_final_35_9e(self, single_lane);
}
4964
4965 /**
4966 This function found in impl
4967 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
4968 RATE>[TraitClause@0, TraitClause@1]}
4969 */
4970 /**
4971 A monomorphic instance of libcrux_sha3.generic_keccak.xof.zero_block_35
4972 with types uint64_t
4973 with const generics
4974 - PARALLEL_LANES= 1
4975 - RATE= 136
4976 */
/*
 * Fill one RATE-sized (136-byte) block with zeros.
 *
 * ret - destination; the caller must provide at least 136 writable bytes
 *       (the array bound in the parameter is not enforced by C).
 */
static inline void libcrux_sha3_generic_keccak_xof_zero_block_35_c6(
    uint8_t ret[136U]) {
  memset(ret, 0, sizeof(uint8_t[136U]));
}
4981
4982 /**
4983 This function found in impl
4984 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
4985 RATE>[TraitClause@0, TraitClause@1]}
4986 */
4987 /**
4988 A monomorphic instance of libcrux_sha3.generic_keccak.xof.new_35
4989 with types uint64_t
4990 with const generics
4991 - PARALLEL_LANES= 1
4992 - RATE= 136
4993 */
/*
 * Build a fresh RATE = 136 XOF state: new inner Keccak state, zeroed
 * input buffer, nothing buffered, and the sponge flag cleared.
 *
 * Returns the state by value.
 */
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_e2
libcrux_sha3_generic_keccak_xof_new_35_c6(void) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 state;
  uint8_t zeroed[1U][136U];
  state.inner = libcrux_sha3_generic_keccak_new_80_04();
  /* Single lane only, so the per-lane loop collapses to index 0. */
  libcrux_sha3_generic_keccak_xof_zero_block_35_c6(zeroed[0U]);
  memcpy(state.buf, zeroed, sizeof(zeroed));
  state.buf_len = (size_t)0U;
  state.sponge = false;
  return state;
}
5007
5008 /**
5009 Shake256 new state
5010 */
5011 /**
5012 This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize>
5013 for libcrux_sha3::portable::incremental::Shake256Xof}
5014 */
/* Shake256 new state: thin wrapper over the RATE = 136 constructor. */
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_e2
libcrux_sha3_portable_incremental_new_42(void) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 fresh =
      libcrux_sha3_generic_keccak_xof_new_35_c6();
  return fresh;
}
5019
5020 /**
5021 Squeeze `N` x `LEN` bytes. Only `N = 1` for now.
5022 */
5023 /**
5024 This function found in impl
5025 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, 1usize,
5026 RATE>[TraitClause@0, TraitClause@1]}
5027 */
5028 /**
5029 A monomorphic instance of libcrux_sha3.generic_keccak.xof.squeeze_85
5030 with types uint64_t
5031 with const generics
5032 - RATE= 136
5033 */
/*
 * Squeeze Eurydice_slice_len(out) bytes from the RATE = 136 XOF state.
 *
 * self - XOF state; the inner Keccak state and the sponge flag are updated.
 * out  - destination slice; an empty slice produces no output and leaves
 *        the sponge flag unchanged.
 *
 * NOTE(review): requests of at most 136 bytes are served before any
 * permutation in this call (unless the sponge flag was already set),
 * while longer requests permute before the first block as well. If
 * squeeze_13_5b simply stores state bytes, the first 136 bytes of a
 * long request differ from those of a short one. Confirm against SHAKE256
 * test vectors with out_len > 136 before relying on this path.
 *
 * NOTE(review): a later call always permutes first, so a request that is
 * not a multiple of 136 appears to discard the rest of that block;
 * presumably callers are expected to squeeze whole blocks until the
 * final call. Verify against callers.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_squeeze_85_c7(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice out) {
  const size_t rate = (size_t)136U;
  /* A previous non-empty squeeze set the flag: permute before more output. */
  if (self->sponge) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  if (out_len == (size_t)0U) {
    return;
  }
  if (out_len <= rate) {
    libcrux_sha3_simd_portable_squeeze_13_5b(&self->inner, out, (size_t)0U,
                                             out_len);
  } else {
    size_t blocks = out_len / rate;
    size_t tail = out_len % rate;
    size_t offset = (size_t)0U;
    for (size_t done = (size_t)0U; done < blocks; done++) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
      libcrux_sha3_simd_portable_squeeze_13_5b(&self->inner, out, offset,
                                               rate);
      offset += rate;
    }
    /* offset now equals blocks * rate: start of the partial last block. */
    if (tail > (size_t)0U) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
      libcrux_sha3_simd_portable_squeeze_13_5b(&self->inner, out, offset,
                                               tail);
    }
  }
  self->sponge = true;
}
5063
5064 /**
5065 Shake256 squeeze
5066 */
5067 /**
5068 This function found in impl {libcrux_sha3::portable::incremental::Xof<136usize>
5069 for libcrux_sha3::portable::incremental::Shake256Xof}
5070 */
/*
 * Shake256 squeeze: forwards to the RATE = 136 generic squeeze, which
 * writes Eurydice_slice_len(out) bytes into out.
 */
static inline void libcrux_sha3_portable_incremental_squeeze_42(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *self,
    Eurydice_slice out) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_e2 *state = self;
  libcrux_sha3_generic_keccak_xof_squeeze_85_c7(state, out);
}
5076
5077 /**
5078 A monomorphic instance of libcrux_sha3.generic_keccak.xof.KeccakXofState
5079 with types uint64_t
5080 with const generics
5081 - $1size_t
5082 - $168size_t
5083 */
/*
 * Incremental XOF state for the RATE = 168 instance (aliased below as
 * Shake128Xof).
 */
struct libcrux_sha3_generic_keccak_xof_KeccakXofState_97_s {
  /* Keccak permutation state. */
  libcrux_sha3_generic_keccak_KeccakState_17 inner;
  /* One lane of buffered input that has not been absorbed yet. */
  uint8_t buf[1U][168U];
  /* Number of valid bytes in buf; the absorb code assumes it is < 168. */
  size_t buf_len;
  /* Set by squeeze after a non-empty output; makes the next squeeze permute
   * first. */
  bool sponge;
};

typedef struct libcrux_sha3_generic_keccak_xof_KeccakXofState_97_s
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97;

typedef libcrux_sha3_generic_keccak_xof_KeccakXofState_97
    libcrux_sha3_portable_incremental_Shake128Xof;
5093
5094 /**
5095 This function found in impl
5096 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
5097 RATE>[TraitClause@0, TraitClause@1]}
5098 */
5099 /**
5100 A monomorphic instance of libcrux_sha3.generic_keccak.xof.fill_buffer_35
5101 with types uint64_t
5102 with const generics
5103 - PARALLEL_LANES= 1
5104 - RATE= 168
5105 */
/*
 * Top up a partially filled 168-byte buffer from the front of inputs[0].
 *
 * Bytes are only taken when something is already buffered and the
 * buffered bytes plus the new input reach a full block; in that case
 * exactly (168 - buf_len) bytes are copied and buf_len becomes 168.
 *
 * Returns the number of input bytes consumed (0 when nothing was copied).
 *
 * NOTE(review): relies on the invariant buf_len < 168; a larger value
 * would make (168 - buf_len) wrap. The invariant is maintained by the
 * absorb functions in this file as far as visible; confirm for any new
 * caller.
 */
static inline size_t libcrux_sha3_generic_keccak_xof_fill_buffer_35_c60(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
  /* Nothing buffered, or still short of a full block: take nothing. */
  if (self->buf_len == (size_t)0U ||
      self->buf_len + input_len < (size_t)168U) {
    return (size_t)0U;
  }
  size_t take = (size_t)168U - self->buf_len;
  /* Free tail of the buffer, starting at the first unused byte. */
  Eurydice_slice free_tail = Eurydice_array_to_subslice_from(
      (size_t)168U, self->buf[0U], self->buf_len, uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(
      free_tail,
      Eurydice_slice_subslice_to(inputs[0U], take, uint8_t, size_t,
                                 uint8_t[]),
      uint8_t);
  self->buf_len = self->buf_len + take;
  return take;
}
5130
5131 /**
5132 This function found in impl
5133 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
5134 RATE>[TraitClause@0, TraitClause@1]}
5135 */
5136 /**
5137 A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_full_35
5138 with types uint64_t
5139 with const generics
5140 - PARALLEL_LANES= 1
5141 - RATE= 168
5142 */
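/*
 * Absorb every complete 168-byte block available from the buffer plus
 * inputs[0].
 *
 * First completes and absorbs the buffered block (if fill_buffer consumed
 * any input), then absorbs whole blocks straight from the input.
 *
 * Returns the number of trailing input bytes (< 168) that were not
 * absorbed; the caller is expected to buffer them.
 */
static inline size_t libcrux_sha3_generic_keccak_xof_absorb_full_35_c60(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  size_t input_consumed =
      libcrux_sha3_generic_keccak_xof_fill_buffer_35_c60(self, inputs);
  if (input_consumed > (size_t)0U) {
    /*
     * Borrow the now-full buffer directly. The extracted code first
     * pointed this slice at a zeroed, block-scoped scratch array and
     * overwrote it before any read; that dead placeholder is dropped so
     * no pointer to expired automatic storage is ever stored.
     */
    Eurydice_slice borrowed[1U];
    borrowed[0U] =
        Eurydice_array_to_slice((size_t)168U, self->buf[0U], uint8_t);
    libcrux_sha3_simd_portable_load_block_a1_3a(&self->inner, borrowed,
                                                (size_t)0U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
    self->buf_len = (size_t)0U;
  }
  /* input_consumed never exceeds the input length: fill_buffer only
   * consumes when buf_len + input_len >= 168. */
  size_t input_to_consume =
      Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed;
  size_t num_blocks = input_to_consume / (size_t)168U;
  size_t remainder = input_to_consume % (size_t)168U;
  for (size_t i = (size_t)0U; i < num_blocks; i++) {
    libcrux_sha3_simd_portable_load_block_a1_3a(
        &self->inner, inputs, input_consumed + i * (size_t)168U);
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  return remainder;
}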
5177
5178 /**
5179 This function found in impl
5180 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
5181 RATE>[TraitClause@0, TraitClause@1]}
5182 */
5183 /**
5184 A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_35
5185 with types uint64_t
5186 with const generics
5187 - PARALLEL_LANES= 1
5188 - RATE= 168
5189 */
/*
 * Absorb inputs[0] into the RATE = 168 XOF state.
 *
 * Full blocks are absorbed by absorb_full; the unabsorbed tail it reports
 * is copied from the end of the input into self->buf after the bytes
 * already buffered, and buf_len grows by that amount.
 *
 * NOTE(review): the copy targets buf[buf_len .. buf_len + tail); this
 * stays inside the 168-byte buffer only while buf_len + tail <= 168,
 * which the preceding absorb_full / fill_buffer logic appears to
 * guarantee. Confirm if that logic is changed.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_35_c60(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  size_t tail_len =
      libcrux_sha3_generic_keccak_xof_absorb_full_35_c60(self, inputs);
  if (tail_len == (size_t)0U) {
    return;
  }
  size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t);
  /* Single lane only, so the per-lane loop collapses to index 0. */
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(self->buf[0U], self->buf_len,
                                  self->buf_len + tail_len, uint8_t *),
      Eurydice_slice_subslice_from(inputs[0U], input_len - tail_len, uint8_t,
                                   size_t, uint8_t[]),
      uint8_t);
  self->buf_len = self->buf_len + tail_len;
}
5210
5211 /**
5212 This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
5213 for libcrux_sha3::portable::incremental::Shake128Xof}
5214 */
/*
 * Shake128Xof incremental absorb: wraps the single input slice in a
 * one-element array and forwards it to the RATE = 168 generic absorb.
 */
static inline void libcrux_sha3_portable_incremental_absorb_26(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice input) {
  Eurydice_slice lanes[1U];
  lanes[0U] = input;
  libcrux_sha3_generic_keccak_xof_absorb_35_c60(self, lanes);
}
5221
5222 /**
5223 This function found in impl
5224 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
5225 RATE>[TraitClause@0, TraitClause@1]}
5226 */
5227 /**
5228 A monomorphic instance of libcrux_sha3.generic_keccak.xof.absorb_final_35
5229 with types uint64_t
5230 with const generics
5231 - PARALLEL_LANES= 1
5232 - RATE= 168
5233 - DELIMITER= 31
5234 */
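/*
 * Final absorb for the RATE = 168, DELIMITER = 31 XOF instance.
 *
 * Absorbs the last input, then hands the buffered partial block
 * (self->buf, self->buf_len valid bytes) to load_last and runs
 * keccakf1600 once.
 *
 * self   - XOF state; updated in place.
 * inputs - one-element array holding the final input slice.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_absorb_final_35_9e0(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice *inputs) {
  libcrux_sha3_generic_keccak_xof_absorb_35_c60(self, inputs);
  /*
   * Borrow the buffered block directly. The extracted code first pointed
   * this slice at a zeroed, block-scoped scratch array and overwrote it
   * before any read; that dead placeholder is dropped so no pointer to
   * expired automatic storage is ever stored.
   */
  Eurydice_slice borrowed[1U];
  borrowed[0U] = Eurydice_array_to_slice((size_t)168U, self->buf[0U], uint8_t);
  /* NOTE(review): padding with the delimiter presumably happens inside
   * load_last; it is not visible here. Assumes buf_len < 168. */
  libcrux_sha3_simd_portable_load_last_a1_c6(&self->inner, borrowed, (size_t)0U,
                                             self->buf_len);
  libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
}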
5254
5255 /**
5256 This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
5257 for libcrux_sha3::portable::incremental::Shake128Xof}
5258 */
/*
 * Shake128Xof final absorb: wraps the last input slice in a one-element
 * array and forwards it to the RATE = 168 final-absorb routine.
 */
static inline void libcrux_sha3_portable_incremental_absorb_final_26(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice input) {
  Eurydice_slice lanes[1U];
  lanes[0U] = input;
  libcrux_sha3_generic_keccak_xof_absorb_final_35_9e0(self, lanes);
}
5265
5266 /**
5267 This function found in impl
5268 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
5269 RATE>[TraitClause@0, TraitClause@1]}
5270 */
5271 /**
5272 A monomorphic instance of libcrux_sha3.generic_keccak.xof.zero_block_35
5273 with types uint64_t
5274 with const generics
5275 - PARALLEL_LANES= 1
5276 - RATE= 168
5277 */
/*
 * Fill one RATE-sized (168-byte) block with zeros.
 *
 * ret - destination; the caller must provide at least 168 writable bytes
 *       (the array bound in the parameter is not enforced by C).
 */
static inline void libcrux_sha3_generic_keccak_xof_zero_block_35_c60(
    uint8_t ret[168U]) {
  memset(ret, 0, sizeof(uint8_t[168U]));
}
5282
5283 /**
5284 This function found in impl
5285 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, PARALLEL_LANES,
5286 RATE>[TraitClause@0, TraitClause@1]}
5287 */
5288 /**
5289 A monomorphic instance of libcrux_sha3.generic_keccak.xof.new_35
5290 with types uint64_t
5291 with const generics
5292 - PARALLEL_LANES= 1
5293 - RATE= 168
5294 */
/*
 * Build a fresh RATE = 168 XOF state: new inner Keccak state, zeroed
 * input buffer, nothing buffered, and the sponge flag cleared.
 *
 * Returns the state by value.
 */
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_97
libcrux_sha3_generic_keccak_xof_new_35_c60(void) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_97 state;
  uint8_t zeroed[1U][168U];
  state.inner = libcrux_sha3_generic_keccak_new_80_04();
  /* Single lane only, so the per-lane loop collapses to index 0. */
  libcrux_sha3_generic_keccak_xof_zero_block_35_c60(zeroed[0U]);
  memcpy(state.buf, zeroed, sizeof(zeroed));
  state.buf_len = (size_t)0U;
  state.sponge = false;
  return state;
}
5308
5309 /**
5310 This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
5311 for libcrux_sha3::portable::incremental::Shake128Xof}
5312 */
/* Shake128Xof new state: thin wrapper over the RATE = 168 constructor. */
static inline libcrux_sha3_generic_keccak_xof_KeccakXofState_97
libcrux_sha3_portable_incremental_new_26(void) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_97 fresh =
      libcrux_sha3_generic_keccak_xof_new_35_c60();
  return fresh;
}
5317
5318 /**
5319 Squeeze `N` x `LEN` bytes. Only `N = 1` for now.
5320 */
5321 /**
5322 This function found in impl
5323 {libcrux_sha3::generic_keccak::xof::KeccakXofState<STATE, 1usize,
5324 RATE>[TraitClause@0, TraitClause@1]}
5325 */
5326 /**
5327 A monomorphic instance of libcrux_sha3.generic_keccak.xof.squeeze_85
5328 with types uint64_t
5329 with const generics
5330 - RATE= 168
5331 */
/*
 * Squeeze Eurydice_slice_len(out) bytes from the RATE = 168 XOF state.
 *
 * self - XOF state; the inner Keccak state and the sponge flag are updated.
 * out  - destination slice; an empty slice produces no output and leaves
 *        the sponge flag unchanged.
 *
 * NOTE(review): requests of at most 168 bytes are served before any
 * permutation in this call (unless the sponge flag was already set),
 * while longer requests permute before the first block as well. If
 * squeeze_13_3a simply stores state bytes, the first 168 bytes of a
 * long request differ from those of a short one. Confirm against SHAKE128
 * test vectors with out_len > 168 before relying on this path.
 *
 * NOTE(review): a later call always permutes first, so a request that is
 * not a multiple of 168 appears to discard the rest of that block;
 * presumably callers are expected to squeeze whole blocks until the
 * final call. Verify against callers.
 */
static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_xof_squeeze_85_13(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice out) {
  const size_t rate = (size_t)168U;
  /* A previous non-empty squeeze set the flag: permute before more output. */
  if (self->sponge) {
    libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
  }
  size_t out_len = Eurydice_slice_len(out, uint8_t);
  if (out_len == (size_t)0U) {
    return;
  }
  if (out_len <= rate) {
    libcrux_sha3_simd_portable_squeeze_13_3a(&self->inner, out, (size_t)0U,
                                             out_len);
  } else {
    size_t blocks = out_len / rate;
    size_t tail = out_len % rate;
    size_t offset = (size_t)0U;
    for (size_t done = (size_t)0U; done < blocks; done++) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
      libcrux_sha3_simd_portable_squeeze_13_3a(&self->inner, out, offset,
                                               rate);
      offset += rate;
    }
    /* offset now equals blocks * rate: start of the partial last block. */
    if (tail > (size_t)0U) {
      libcrux_sha3_generic_keccak_keccakf1600_80_04(&self->inner);
      libcrux_sha3_simd_portable_squeeze_13_3a(&self->inner, out, offset,
                                               tail);
    }
  }
  self->sponge = true;
}
5361
5362 /**
5363 Shake128 squeeze
5364 */
5365 /**
5366 This function found in impl {libcrux_sha3::portable::incremental::Xof<168usize>
5367 for libcrux_sha3::portable::incremental::Shake128Xof}
5368 */
/*
 * Shake128 squeeze: forwards to the RATE = 168 generic squeeze, which
 * writes Eurydice_slice_len(out) bytes into out.
 */
static inline void libcrux_sha3_portable_incremental_squeeze_26(
    libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *self,
    Eurydice_slice out) {
  libcrux_sha3_generic_keccak_xof_KeccakXofState_97 *state = self;
  libcrux_sha3_generic_keccak_xof_squeeze_85_13(state, out);
}
5374
5375 /**
5376 This function found in impl {core::clone::Clone for
5377 libcrux_sha3::portable::KeccakState}
5378 */
/*
 * Clone for KeccakState: returns a by-value copy of *self. The copy holds
 * the same sponge contents as the original, so it needs the same care if
 * the state has absorbed secret input.
 */
static inline libcrux_sha3_generic_keccak_KeccakState_17
libcrux_sha3_portable_clone_fe(
    libcrux_sha3_generic_keccak_KeccakState_17 *self) {
  libcrux_sha3_generic_keccak_KeccakState_17 copy = *self;
  return copy;
}
5384
5385 /**
5386 This function found in impl {core::convert::From<libcrux_sha3::Algorithm> for
5387 u32}
5388 */
/*
 * Convert a libcrux_sha3_Algorithm value to its numeric id:
 * Sha224 -> 1, Sha256 -> 2, Sha384 -> 3, Sha512 -> 4.
 *
 * Any other value reaches KRML_HOST_EXIT. In this file that macro is
 * fatal_f("internal error"), and KRML_HOST_EPRINTF expands to nothing.
 * NOTE(review): failing closed relies on fatal_f not returning; if it
 * did, control would fall through to the Sha224 result (1).
 */
static inline uint32_t libcrux_sha3_from_6c(libcrux_sha3_Algorithm v) {
  switch (v) {
    case libcrux_sha3_Algorithm_Sha256:
      return 2U;
    case libcrux_sha3_Algorithm_Sha384:
      return 3U;
    case libcrux_sha3_Algorithm_Sha512:
      return 4U;
    case libcrux_sha3_Algorithm_Sha224:
      break;
    default: {
      KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__,
                        __LINE__);
      KRML_HOST_EXIT(253U);
    }
  }
  return 1U;
}
5411
5412 /**
5413 This function found in impl {core::convert::From<u32> for
5414 libcrux_sha3::Algorithm}
5415 */
/*
 * Convert a numeric id to a libcrux_sha3_Algorithm value:
 * 1 -> Sha224, 2 -> Sha256, 3 -> Sha384, 4 -> Sha512.
 *
 * Any other id reaches KRML_HOST_EXIT. In this file that macro is
 * fatal_f("internal error"), and KRML_HOST_EPRINTF expands to nothing.
 * NOTE(review): rejecting unknown ids relies on fatal_f not returning;
 * if it did, control would fall through and an unknown id would be
 * reported as Sha224.
 */
static inline libcrux_sha3_Algorithm libcrux_sha3_from_29(uint32_t v) {
  switch (v) {
    case 2U:
      return libcrux_sha3_Algorithm_Sha256;
    case 3U:
      return libcrux_sha3_Algorithm_Sha384;
    case 4U:
      return libcrux_sha3_Algorithm_Sha512;
    case 1U:
      break;
    default: {
      KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
                        "panic!");
      KRML_HOST_EXIT(255U);
    }
  }
  return libcrux_sha3_Algorithm_Sha224;
}
5438
5439 #if defined(__cplusplus)
5440 }
5441 #endif
5442
5443 #define libcrux_sha3_portable_H_DEFINED
5444 #endif /* libcrux_sha3_portable_H */
5445
5446 /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem768_portable.h */
5447 /*
5448 * SPDX-FileCopyrightText: 2025 Cryspen Sarl <info@cryspen.com>
5449 *
5450 * SPDX-License-Identifier: MIT or Apache-2.0
5451 *
5452 * This code was generated with the following revisions:
5453 * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7
5454 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785
5455 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b
5456 * F*: 71d8221589d4d438af3706d89cb653cf53e18aab
5457 * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc
5458 */
5459
5460 #ifndef libcrux_mlkem768_portable_H
5461 #define libcrux_mlkem768_portable_H
5462
5463
5464 #if defined(__cplusplus)
5465 extern "C" {
5466 #endif
5467
5468
/*
 * ML-KEM hash function G: computes libcrux_sha3_portable_sha512 over
 * input into a local 64-byte buffer and copies it to ret.
 *
 * input - bytes to hash.
 * ret   - receives 64 bytes; the caller must provide that much space.
 *
 * NOTE(review): the local digest copy is not wiped before return. If
 * callers hash secret-derived input, confirm that leaving it on the stack
 * is acceptable for this build.
 */
static inline void libcrux_ml_kem_hash_functions_portable_G(
    Eurydice_slice input, uint8_t ret[64U]) {
  uint8_t hash_out[64U] = {0U};
  libcrux_sha3_portable_sha512(
      Eurydice_array_to_slice((size_t)64U, hash_out, uint8_t), input);
  memcpy(ret, hash_out, sizeof(hash_out));
}
5476
/*
 * ML-KEM hash function H: computes libcrux_sha3_portable_sha256 over
 * input into a local 32-byte buffer and copies it to ret.
 *
 * input - bytes to hash.
 * ret   - receives 32 bytes; the caller must provide that much space.
 *
 * NOTE(review): the local digest copy is not wiped before return. If
 * callers hash secret-derived input, confirm that leaving it on the stack
 * is acceptable for this build.
 */
static inline void libcrux_ml_kem_hash_functions_portable_H(
    Eurydice_slice input, uint8_t ret[32U]) {
  uint8_t hash_out[32U] = {0U};
  libcrux_sha3_portable_sha256(
      Eurydice_array_to_slice((size_t)32U, hash_out, uint8_t), input);
  memcpy(ret, hash_out, sizeof(hash_out));
}
5484
/*
 * 128 precomputed public constants read through
 * libcrux_ml_kem_polynomial_zeta(); per the name, zeta values already
 * multiplied by the Montgomery constant R. Every entry fits in int16_t,
 * so the per-element casts of the extracted code are not needed.
 */
static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] =
    {-1044, -758,  -359,  -1517, 1493,  1422,  287,   202,
     -171,  622,   1577,  182,   962,   -1202, -1474, 1468,
     573,   -1325, 264,   383,   -829,  1458,  -1602, -130,
     -681,  1017,  732,   608,   -1542, 411,   -205,  -1571,
     1223,  652,   -552,  1015,  -1293, 1491,  -282,  -1544,
     516,   -8,    -320,  -666,  -1618, -1162, 126,   1469,
     -853,  -90,   -271,  830,   107,   -1421, -247,  -951,
     -398,  961,   -1508, -725,  448,   -1065, 677,   -1275,
     -1103, 430,   555,   843,   -1251, 871,   1550,  105,
     422,   587,   177,   -235,  -291,  -460,  1574,  1653,
     -246,  778,   1159,  -147,  -777,  1483,  -602,  1119,
     -1590, 644,   -872,  349,   418,   329,   -156,  -75,
     817,   1097,  603,   610,   1322,  -1285, -1465, 384,
     -1215, -136,  1218,  -1335, -874,  220,   -1187, -1659,
     -1185, -1530, -1278, 794,   -1510, -854,  -870,  478,
     -108,  -308,  996,   991,   958,   -1460, 1522,  1628};
5518
/*
 * Look up entry i of the 128-element ZETAS_TIMES_MONTGOMERY_R table.
 *
 * i - table index. It is not range-checked here, so the caller must
 *     guarantee i < 128; a larger value reads past the table.
 */
static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_zeta(size_t i) {
  const int16_t *table = libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R;
  return table[i];
}
5522
5523 #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT ((size_t)16U)
5524
5525 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U)
5526
5527 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \
5528 ((int16_t)1353)
5529
5530 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329)
5531
5532 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
5533 (62209U)
5534
/*
 * Portable vector: 16 int16_t coefficients, matching
 * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR.
 */
struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s {
  int16_t elements[16U];
};

typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s
    libcrux_ml_kem_vector_portable_vector_type_PortableVector;
5538
/*
 * Build a PortableVector from the first 16 int16_t values of array.
 *
 * The slice [0, 16) is converted to a fixed-size array through
 * Eurydice_slice_to_array2 and the result is unwrapped.
 *
 * NOTE(review): presumably array must hold at least 16 elements; whether
 * Eurydice_slice_subslice3 checks that bound is not visible here. Verify
 * against the macro and the callers.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_from_i16_array(
    Eurydice_slice array) {
  Result_0a converted;
  int16_t coeffs[16U];
  libcrux_ml_kem_vector_portable_vector_type_PortableVector out;
  Eurydice_slice_to_array2(
      &converted,
      Eurydice_slice_subslice3(array, (size_t)0U, (size_t)16U, int16_t *),
      Eurydice_slice, int16_t[16U], TryFromSliceError);
  unwrap_26_00(converted, coeffs);
  memcpy(out.elements, coeffs, sizeof(coeffs));
  return out;
}
5552
5553 /**
5554 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
5555 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
5556 */
/*
 * Operations::from_i16_array for PortableVector: passes the slice through
 * classify_ref and builds the vector from its first 16 elements.
 */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_from_i16_array_b8(Eurydice_slice array) {
  Eurydice_slice classified =
      libcrux_secrets_int_classify_public_classify_ref_9b_39(array);
  return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(classified);
}
5562
/* Tuple of eight int16_t values; fields are named in positional order. */
struct int16_t_x8_s {
  int16_t fst;
  int16_t snd;
  int16_t thd;
  int16_t f3;
  int16_t f4;
  int16_t f5;
  int16_t f6;
  int16_t f7;
};

typedef struct int16_t_x8_s int16_t_x8;
5573
/*
 * Return a PortableVector built from 16 zero coefficients, passed through
 * the classify helper before being copied into the result.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_vector_type_zero(void) {
  int16_t zeros[16U] = {0U};
  int16_t classified[16U];
  libcrux_ml_kem_vector_portable_vector_type_PortableVector out;
  libcrux_secrets_int_public_integers_classify_27_46(zeros, classified);
  memcpy(out.elements, classified, sizeof(classified));
  return out;
}
5583
5584 /**
5585 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
5586 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
5587 */
/* Operations::ZERO for PortableVector: returns the all-zero vector. */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ZERO_b8(void) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector zero =
      libcrux_ml_kem_vector_portable_vector_type_zero();
  return zero;
}
5592
/*
 * Element-wise lhs + rhs over all 16 coefficients.
 *
 * lhs - passed by value; modified locally and returned.
 * rhs - read only.
 *
 * The sum is computed after integer promotion and narrowed back to
 * int16_t with no range check or modular reduction, so callers must keep
 * the inputs small enough that the result fits.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_add(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    lhs.elements[lane] = (int16_t)(lhs.elements[lane] + rhs->elements[lane]);
  }
  return lhs;
}
5605
5606 /**
5607 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
5608 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
5609 */
/* Operations::add for PortableVector: forwards to the arithmetic helper. */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_add_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector sum =
      libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs);
  return sum;
}
5616
/*
 * Element-wise lhs - rhs over all 16 coefficients.
 *
 * lhs - passed by value; modified locally and returned.
 * rhs - read only.
 *
 * The difference is computed after integer promotion and narrowed back
 * to int16_t with no range check or modular reduction, so callers must
 * keep the inputs small enough that the result fits.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_sub(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    lhs.elements[lane] = (int16_t)(lhs.elements[lane] - rhs->elements[lane]);
  }
  return lhs;
}
5629
5630 /**
5631 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
5632 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
5633 */
/* Operations::sub for PortableVector: forwards to the arithmetic helper. */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_sub_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector diff =
      libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs);
  return diff;
}
5640
/*
 * Multiply each of the 16 coefficients of vec by the constant c.
 *
 * vec - passed by value; modified locally and returned.
 * c   - multiplier applied to every coefficient.
 *
 * The product is computed after integer promotion and narrowed back to
 * int16_t with no range check or modular reduction, so callers must keep
 * |element * c| within the int16_t range.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    vec.elements[lane] = (int16_t)(vec.elements[lane] * c);
  }
  return vec;
}
5652
5653 /**
5654 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
5655 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
5656 */
/*
 * Operations::multiply_by_constant for PortableVector: forwards to the
 * arithmetic helper.
 */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_multiply_by_constant_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector scaled =
      libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c);
  return scaled;
}
5662
5663 /**
5664 Note: This function is not secret independent
5665 Only use with public values.
5666 */
/*
 * Subtract 3329 from every coefficient that is >= 3329.
 *
 * vec - passed by value; modified locally and returned.
 *
 * The comparison is a data-dependent branch on the (declassified)
 * coefficient, so control flow depends on the values. As the note above
 * this function says, it must only be applied to public data.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    int16_t public_value =
        libcrux_secrets_int_public_integers_declassify_d8_39(
            vec.elements[lane]);
    if (public_value < (int16_t)3329) {
      continue;
    }
    vec.elements[lane] = (int16_t)(vec.elements[lane] - (int16_t)3329);
  }
  return vec;
}
5681
5682 /**
5683 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
5684 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
5685 */
/*
 * Operations::cond_subtract_3329 for PortableVector: forwards to the
 * arithmetic helper, which branches on the coefficient values and is
 * therefore for public data only.
 */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_cond_subtract_3329_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector reduced =
      libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v);
  return reduced;
}
5691
5692 #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \
5693 ((int32_t)20159)
5694
5695 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT ((int32_t)26)
5696
5697 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R \
5698 ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT)
5699
/**
 Signed Barrett Reduction

 Given an input `value`, `barrett_reduce` outputs a representative `result`
 such that:

 - result ≡ value (mod FIELD_MODULUS)
 - the absolute value of `result` is bound as follows:

 `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)`

 Note: The input bound is 28296 to prevent overflow in the multiplication of
 quotient by FIELD_MODULUS

 */
/*
 * Barrett-reduce one coefficient modulo FIELD_MODULUS (3329).
 *
 * Computes quotient = (value * 20159 + 2^25) >> 26 and returns
 * value - quotient * 3329. The code is straight-line: no branch or table
 * lookup depends on value.
 *
 * The documented input bound (|value| <= 28296) is not checked here.
 *
 * NOTE(review): t may be negative, and right-shifting a negative int32_t
 * is implementation-defined in C; this presumably assumes an arithmetic
 * shift. Confirm for the target compilers.
 */
static inline int16_t
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
    int16_t value) {
  /* Half of BARRETT_R, added so the shift below rounds to nearest. */
  int32_t rounding = LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R >> 1U;
  int32_t t = libcrux_secrets_int_as_i32_f5(value) *
                  LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER +
              rounding;
  int32_t shifted = t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT;
  int16_t quotient = libcrux_secrets_int_as_i16_36(shifted);
  return (int16_t)(value -
                   quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
}
5725
/*
 * Apply barrett_reduce_element to each of the 16 coefficients.
 *
 * vec - passed by value; modified locally and returned. Each coefficient
 *       is subject to the element routine's input bound.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    vec.elements[lane] =
        libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
            vec.elements[lane]);
  }
  return vec;
}
5739
/**
 `barrett_reduce` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable arithmetic implementation; it adds no checks
 of its own.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_barrett_reduce_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector reduced =
      libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(vector);
  return reduced;
}
5749
/* log2 of the Montgomery radix: MONTGOMERY_R = 2^16. */
#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U)
5751
/**
 Signed Montgomery reduction of one 32-bit value.

 Given an input `value`, returns a representative `o` such that:

 - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS)
 - `|o| ≤ ceil(|value| / MONTGOMERY_R) + 1665`

 In particular, if `|value| ≤ (FIELD_MODULUS-1) · (FIELD_MODULUS-1)` then
 `|o| ≤ FIELD_MODULUS-1`, and if `|value| ≤ pow2 16 · (FIELD_MODULUS-1)` then
 `|o| ≤ FIELD_MODULUS + 1664`.

 The body is straight-line code with no branch or division on `value`. It
 depends on two things C does not fully specify: the narrowing to 16 bits
 done by the `as_i16` helper (defined elsewhere; presumably a truncating
 cast) and an arithmetic right shift of negative int32_t values.
*/
static inline int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
    int32_t value) {
  /* High half of the input; the low half is cancelled by k * modulus. */
  int16_t value_high = libcrux_secrets_int_as_i16_36(
      value >>
      (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
  /* k = low16(value) * q^(-1) mod R; only its low 16 bits are used below. */
  int32_t k =
      libcrux_secrets_int_as_i32_f5(libcrux_secrets_int_as_i16_36(value)) *
      libcrux_secrets_int_as_i32_b8(
          libcrux_secrets_int_public_integers_classify_27_df(
              LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R));
  int32_t k_times_modulus =
      libcrux_secrets_int_as_i32_f5(libcrux_secrets_int_as_i16_36(k)) *
      libcrux_secrets_int_as_i32_f5(
          libcrux_secrets_int_public_integers_classify_27_39(
              LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS));
  int16_t correction = libcrux_secrets_int_as_i16_36(
      k_times_modulus >>
      (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT);
  return value_high - correction;
}
5789
/**
 Montgomery multiplication of a field element by a Montgomery-form constant.

 If `fe` is some field element 'x' of the Kyber field and `fer` is congruent
 to `y · MONTGOMERY_R`, the result is congruent to `x · y`:

 `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)`

 and `montgomery_reduce` maps `x · y · MONTGOMERY_R` to a representative of
 `x · y · MONTGOMERY_R · MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`.

 Both operands are widened with the `as_i32` helper (defined elsewhere) before
 the multiply, so the product of two 16-bit inputs is formed in 32 bits.
*/
static KRML_MUSTINLINE int16_t
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
    int16_t fe, int16_t fer) {
  return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
      libcrux_secrets_int_as_i32_f5(fe) * libcrux_secrets_int_as_i32_f5(fer));
}
5809
/*
 * Montgomery-multiply every lane of `vec` by `c` (expected in Montgomery
 * form, see montgomery_multiply_fe_by_fer). Operates on a by-value copy and
 * returns it.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    int16_t scaled =
        libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
            vec.elements[lane], c);
    vec.elements[lane] = scaled;
  }
  return vec;
}
5822
/**
 `montgomery_multiply_by_constant` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 The public `constant` is passed through the `classify` helper (defined
 elsewhere; presumably a marker that leaves the value unchanged) before being
 handed to the arithmetic routine.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vector,
    int16_t constant) {
  int16_t classified =
      libcrux_secrets_int_public_integers_classify_27_39(constant);
  return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant(
      vector, classified);
}
5834
/*
 * AND every lane of `vec` with the same 16-bit constant `c` and return the
 * resulting copy.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    vec.elements[lane] &= c;
  }
  return vec;
}
5846
/**
 A monomorphic instance of libcrux_ml_kem.vector.portable.arithmetic.shift_right
 with const generics
 - SHIFT_BY= 15

 Shifts every int16_t lane right by 15 bits. For a negative lane the result
 depends on the implementation-defined behaviour of `>>` on negative values;
 with an arithmetic shift each lane becomes 0 (non-negative input) or -1
 (negative input), which is how the caller in this file uses it.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    vec.elements[lane] >>= (uint32_t)(int32_t)15;
  }
  return vec;
}
5862
/*
 * Map each lane to a non-negative representative without branching: the
 * per-lane sign mask (lane >> 15) is ANDed with FIELD_MODULUS and the result
 * is added back, so FIELD_MODULUS is added exactly to the negative lanes.
 * The output is only in [0, FIELD_MODULUS) if every input lane is already
 * within (-FIELD_MODULUS, FIELD_MODULUS); that range is not checked here.
 * Relies on shift_right_ef yielding an all-ones mask for negative lanes.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector sign_mask =
      libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(a);
  libcrux_ml_kem_vector_portable_vector_type_PortableVector correction =
      libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
          sign_mask, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
  return libcrux_ml_kem_vector_portable_arithmetic_add(a, &correction);
}
5873
/**
 `to_unsigned_representative` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable arithmetic implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_to_unsigned_representative_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector unsigned_rep =
      libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative(a);
  return unsigned_rep;
}
5884
/**
 The `compress_*` functions implement the `Compress` function specified in the
 NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as:

 ```plaintext
 Compress_d: ℤq -> ℤ_{2ᵈ}
 Compress_d(x) = ⌈(2ᵈ/q)·x⌋
 ```

 Since `⌈x⌋ = ⌊x + 1/2⌋` we have:

 ```plaintext
 Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋
               = ⌊(2^{d+1}·x + q) / 2q⌋
 ```

 For further information about the function implementations, consult the
 `implementation_notes.pdf` document in this directory.

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>. That URL is the initial public
 draft, so page and expression numbers may differ in the final standard.

 This function is the d = 1 case for one coefficient `fe`: it returns 1 when
 `fe` lies close enough to 1664 (= (q-1)/2 for q = 3329) and 0 otherwise. The
 decision uses only subtraction, XOR and sign-extracting shifts; there is no
 branch or division on `fe`, which carries a message bit. The shifts by 15
 assume an arithmetic right shift of negative values.
*/
static inline uint8_t
libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
    uint16_t fe) {
  /* Signed distance from the midpoint 1664. */
  int16_t centered =
      libcrux_secrets_int_public_integers_classify_27_39((int16_t)1664) -
      libcrux_secrets_int_as_i16_ca(fe);
  /* 0 or -1; XOR with it folds a negative distance onto -distance - 1. */
  int16_t sign = centered >> 15U;
  int16_t folded = sign ^ centered;
  /* Negative exactly when the folded distance is below 832. */
  int16_t below_threshold = folded - (int16_t)832;
  int16_t threshold_sign = below_threshold >> 15U;
  int16_t bit = threshold_sign & (int16_t)1;
  return libcrux_secrets_int_as_u8_f5(bit);
}
5920
/*
 * Compress every lane of `a` to a single bit (0 or 1) with
 * compress_message_coefficient and return the resulting copy.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    uint8_t bit =
        libcrux_ml_kem_vector_portable_compress_compress_message_coefficient(
            libcrux_secrets_int_as_u16_f5(a.elements[lane]));
    a.elements[lane] = libcrux_secrets_int_as_i16_59(bit);
  }
  return a;
}
5933
/**
 `compress_1` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable compress implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_1_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector compressed =
      libcrux_ml_kem_vector_portable_compress_compress_1(a);
  return compressed;
}
5943
/*
 * Return the `n` least significant bits of `value`.
 *
 * Precondition: n < 32. The mask is built with `1U << n`, and shifting by
 * the full width of the type or more is undefined behaviour in C. `n` is not
 * validated here; the only caller in view passes its coefficient bit width.
 */
static KRML_MUSTINLINE uint32_t
libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
    uint8_t n, uint32_t value) {
  uint32_t low_mask = (1U << (uint32_t)n) - 1U;
  return value & low_mask;
}
5949
/*
 * Compress one coefficient `fe` to `coefficient_bits` bits.
 *
 * Computes ((fe << coefficient_bits) + 1664) * 10321340 >> 35 and keeps the
 * low `coefficient_bits` bits. 10321340 is 2^35 / 3329 rounded up, so the
 * multiply-and-shift stands in for the division by q in Compress_d and 1664
 * supplies the rounding term. No division instruction is applied to `fe`;
 * presumably this is deliberate, since division latency can depend on the
 * operands and `fe` is derived from secret data.
 *
 * Precondition: coefficient_bits < 32 (see get_n_least_significant_bits);
 * it is not checked here.
 */
static inline int16_t
libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
    uint8_t coefficient_bits, uint16_t fe) {
  uint64_t scaled = libcrux_secrets_int_as_u64_ca(fe)
                    << (uint32_t)coefficient_bits;
  scaled += 1664ULL;
  scaled *= 10321340ULL;
  scaled >>= 35U;
  return libcrux_secrets_int_as_i16_b8(
      libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits(
          coefficient_bits, libcrux_secrets_int_as_u32_a3(scaled)));
}
5962
/*
 * Decompress 1-bit lanes without branching: each lane is negated
 * (0 - lane) and ANDed with 1665, so a lane holding 0 stays 0 and a lane
 * holding 1 becomes (-1 & 1665) = 1665. Lanes are expected to hold only 0
 * or 1; other values are not rejected.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector negated =
      libcrux_ml_kem_vector_portable_arithmetic_sub(
          libcrux_ml_kem_vector_portable_vector_type_zero(), &a);
  return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(
      negated, (int16_t)1665);
}
5975
/**
 `decompress_1` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable compress implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_1_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector decompressed =
      libcrux_ml_kem_vector_portable_compress_decompress_1(a);
  return decompressed;
}
5985
/*
 * One forward NTT butterfly on lanes `i` and `j` of `*vec`, in place:
 *
 *   t      = montgomery_multiply(vec[j], zeta)
 *   vec[j] = vec[i] - t
 *   vec[i] = vec[i] + t
 *
 * `i` and `j` must be valid lane indices; they are not bounds-checked. The
 * sum and difference are narrowed back to int16_t without reduction, so the
 * caller is responsible for keeping lane magnitudes within 16-bit range.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
    int16_t zeta, size_t i, size_t j) {
  int16_t t =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
          vec->elements[j],
          libcrux_secrets_int_public_integers_classify_27_39(zeta));
  /* Snapshot lane i so both outputs come from the pre-update value. */
  int16_t upper = vec->elements[i];
  vec->elements[j] = upper - t;
  vec->elements[i] = upper + t;
}
5998
/*
 * Forward NTT layer 1 on one 16-lane vector: four groups of four lanes, one
 * zeta per group, butterflies at distance 2 -- pairs (b, b+2) and
 * (b+1, b+3) for b = 0, 4, 8, 12. All indices are compile-time constants.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  const int16_t zetas[4U] = {zeta0, zeta1, zeta2, zeta3};
  for (size_t group = (size_t)0U; group < (size_t)4U; group++) {
    size_t base = (size_t)4U * group;
    libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zetas[group], base,
                                                base + (size_t)2U);
    libcrux_ml_kem_vector_portable_ntt_ntt_step(
        &vec, zetas[group], base + (size_t)1U, base + (size_t)3U);
  }
  return vec;
}
6021
/**
 `ntt_layer_1_step` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable NTT implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1,
                                                          zeta2, zeta3);
  return stepped;
}
6033
/*
 * Forward NTT layer 2 on one 16-lane vector: butterflies at distance 4,
 * using zeta0 for lanes 0..7 (pairs (k, k+4), k = 0..3) and zeta1 for lanes
 * 8..15 (pairs (k, k+4), k = 8..11).
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1) {
  for (size_t k = (size_t)0U; k < (size_t)4U; k++) {
    libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, k,
                                                k + (size_t)4U);
  }
  for (size_t k = (size_t)8U; k < (size_t)12U; k++) {
    libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, k,
                                                k + (size_t)4U);
  }
  return vec;
}
6056
/**
 `ntt_layer_2_step` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable NTT implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1);
  return stepped;
}
6067
/*
 * Forward NTT layer 3 on one 16-lane vector: a single zeta and butterflies
 * at distance 8, i.e. pairs (k, k+8) for k = 0..7.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta) {
  for (size_t k = (size_t)0U; k < (size_t)8U; k++) {
    libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, k,
                                                k + (size_t)8U);
  }
  return vec;
}
6090
/**
 `ntt_layer_3_step` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable NTT implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta);
  return stepped;
}
6100
/*
 * One inverse NTT butterfly on lanes `i` and `j` of `*vec`, in place:
 *
 *   vec[i] = barrett_reduce(vec[j] + vec[i])
 *   vec[j] = montgomery_multiply(vec[j] - vec[i], zeta)
 *
 * with both right-hand sides taken from the values before the update.
 * `i` and `j` must be valid lane indices; they are not bounds-checked. The
 * sum must respect the input bound of barrett_reduce_element, which the
 * caller has to ensure.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
    int16_t zeta, size_t i, size_t j) {
  int16_t lane_i = vec->elements[i];
  int16_t lane_j = vec->elements[j];
  int16_t difference = lane_j - lane_i;
  int16_t sum = lane_j + lane_i;
  vec->elements[i] =
      libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(sum);
  vec->elements[j] =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
          difference, libcrux_secrets_int_public_integers_classify_27_39(zeta));
}
6114
/*
 * Inverse NTT layer 1 on one 16-lane vector: four groups of four lanes, one
 * zeta per group, butterflies at distance 2 -- pairs (b, b+2) and
 * (b+1, b+3) for b = 0, 4, 8, 12.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  const int16_t zetas[4U] = {zeta0, zeta1, zeta2, zeta3};
  for (size_t group = (size_t)0U; group < (size_t)4U; group++) {
    size_t base = (size_t)4U * group;
    libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zetas[group], base,
                                                    base + (size_t)2U);
    libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
        &vec, zetas[group], base + (size_t)1U, base + (size_t)3U);
  }
  return vec;
}
6137
/**
 `inv_ntt_layer_1_step` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable NTT implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step(a, zeta0, zeta1,
                                                              zeta2, zeta3);
  return stepped;
}
6149
/*
 * Inverse NTT layer 2 on one 16-lane vector: butterflies at distance 4,
 * using zeta0 for pairs (k, k+4), k = 0..3, and zeta1 for pairs (k, k+4),
 * k = 8..11.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta0, int16_t zeta1) {
  for (size_t k = (size_t)0U; k < (size_t)4U; k++) {
    libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, k,
                                                    k + (size_t)4U);
  }
  for (size_t k = (size_t)8U; k < (size_t)12U; k++) {
    libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, k,
                                                    k + (size_t)4U);
  }
  return vec;
}
6172
/**
 `inv_ntt_layer_2_step` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable NTT implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0,
    int16_t zeta1) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, zeta1);
  return stepped;
}
6184
/*
 * Inverse NTT layer 3 on one 16-lane vector: a single zeta and butterflies
 * at distance 8, i.e. pairs (k, k+8) for k = 0..7.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vec,
    int16_t zeta) {
  for (size_t k = (size_t)0U; k < (size_t)8U; k++) {
    libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, k,
                                                    k + (size_t)8U);
  }
  return vec;
}
6207
/**
 `inv_ntt_layer_3_step` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable NTT implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector stepped =
      libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta);
  return stepped;
}
6217
/**
 Compute the product of two Kyber binomials with respect to the
 modulus `X² - zeta`.

 This function almost implements <strong>Algorithm 11</strong> of the
 NIST FIPS 203 standard, which is reproduced below:

 ```plaintext
 Input: a₀, a₁, b₀, b₁ ∈ ℤq.
 Input: γ ∈ ℤq.
 Output: c₀, c₁ ∈ ℤq.

 c₀ ← a₀·b₀ + a₁·b₁·γ
 c₁ ← a₀·b₁ + a₁·b₀
 return c₀, c₁
 ```
 We say "almost" because the coefficients output by this function are in
 the Montgomery domain (unlike in the specification).

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>. That URL is the initial public
 draft, so the algorithm number may differ in the final standard.

 The binomial is taken from lanes `2·i` and `2·i + 1` of `a` and `b` and the
 result is written to the same lanes of `out`. `i` is not bounds-checked.
 All four inputs are read before `out` is written. The 32-bit sums are not
 guarded against signed overflow (undefined in C), so the lanes must be
 bounded field elements; that bound is the caller's responsibility.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
    size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
  const size_t even = (size_t)2U * i;
  const size_t odd = (size_t)2U * i + (size_t)1U;
  int16_t a0 = a->elements[even];
  int16_t b0 = b->elements[even];
  int16_t a1 = a->elements[odd];
  int16_t b1 = b->elements[odd];

  /* c0 = a0*b0 + (a1*b1 reduced) * zeta */
  int32_t a0_b0 =
      libcrux_secrets_int_as_i32_f5(a0) * libcrux_secrets_int_as_i32_f5(b0);
  int16_t a1_b1 =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
          libcrux_secrets_int_as_i32_f5(a1) *
          libcrux_secrets_int_as_i32_f5(b1));
  int32_t a1_b1_zeta = libcrux_secrets_int_as_i32_f5(a1_b1) *
                       libcrux_secrets_int_as_i32_f5(zeta);
  int16_t c0 =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
          a0_b0 + a1_b1_zeta);

  /* c1 = a0*b1 + a1*b0 */
  int32_t a0_b1 =
      libcrux_secrets_int_as_i32_f5(a0) * libcrux_secrets_int_as_i32_f5(b1);
  int32_t a1_b0 =
      libcrux_secrets_int_as_i32_f5(a1) * libcrux_secrets_int_as_i32_f5(b0);
  int16_t c1 =
      libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
          a0_b1 + a1_b0);

  out->elements[even] = c0;
  out->elements[odd] = c1;
}
6273
/*
 * Multiply two 16-lane vectors as eight binomials in the NTT domain.
 * Binomial 2k uses zeta_k and binomial 2k+1 uses -zeta_k, for k = 0..3.
 * Returns a fresh vector; `lhs` and `rhs` are only read.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  const int16_t zetas[4U] = {zeta0, zeta1, zeta2, zeta3};
  libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
      libcrux_ml_kem_vector_portable_vector_type_zero();
  for (size_t k = (size_t)0U; k < (size_t)4U; k++) {
    int16_t negated = -zetas[k];
    libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
        lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zetas[k]),
        (size_t)2U * k, &out);
    libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
        lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(negated),
        (size_t)2U * k + (size_t)1U, &out);
  }
  return out;
}
6311
/**
 `ntt_multiply` of the `Operations` trait, from
 impl {libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector}.

 Thin forwarder to the portable NTT implementation.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_multiply_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs,
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs,
    int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector product =
      libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1,
                                                      zeta2, zeta3);
  return product;
}
6324
/*
 * Pack sixteen 1-bit lanes into two bytes: lane k supplies bit (k mod 8) of
 * ret[k / 8], least significant bit first.
 *
 * Each lane is expected to hold 0 or 1. Nothing masks the lanes, so a
 * larger value would spill into the neighbouring bit positions of the same
 * byte. `ret` must have room for 2 bytes.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
    uint8_t ret[2U]) {
  for (size_t byte = (size_t)0U; byte < (size_t)2U; byte++) {
    uint32_t packed = 0U;
    for (uint32_t bit = 0U; bit < 8U; bit++) {
      packed |= (uint32_t)libcrux_secrets_int_as_u8_f5(
                    v.elements[(size_t)8U * byte + (size_t)bit])
                << bit;
    }
    ret[byte] = (uint8_t)packed;
  }
}
6350
/*
 * Serialize 1-bit lanes into `ret` (2 bytes). The packed bytes are produced
 * in a local buffer and then passed through the `declassify` helper (defined
 * elsewhere; presumably it copies them out as public data). This is the
 * point where the value stops being tracked as secret, so callers should
 * only use it for data that is meant to leave the secret domain.
 */
static inline void libcrux_ml_kem_vector_portable_serialize_1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[2U]) {
  uint8_t packed[2U];
  libcrux_ml_kem_vector_portable_serialize_serialize_1(a, packed);
  libcrux_secrets_int_public_integers_declassify_d8_d4(packed, ret);
}
6358
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 1-bit serializer. It forwards both arguments
unchanged to libcrux_ml_kem_vector_portable_serialize_1(), which fills ret.
*/
static inline void libcrux_ml_kem_vector_portable_serialize_1_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[2U]) {
  libcrux_ml_kem_vector_portable_serialize_1(a, ret);
}
6368
/*
 * Expand two bytes into 16 one-bit coefficients, least-significant bit
 * first: lane k is bit (k % 8) of byte (k / 8), so every lane is 0 or 1
 * before it passes through libcrux_secrets_int_as_i16_59().
 *
 * Only bytes 0 and 1 of v are read. This function performs no length check
 * of its own; the caller must supply at least two bytes.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
  int16_t bits[16U];
  for (size_t lane = (size_t)0U; lane < (size_t)16U; lane++) {
    size_t src = lane / (size_t)8U;
    size_t shift = lane % (size_t)8U;
    bits[lane] = libcrux_secrets_int_as_i16_59(
        (uint32_t)Eurydice_slice_index(v, src, uint8_t, uint8_t *) >> shift &
        1U);
  }
  return (
      KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){
          .elements = {bits[0U], bits[1U], bits[2U], bits[3U], bits[4U],
                       bits[5U], bits[6U], bits[7U], bits[8U], bits[9U],
                       bits[10U], bits[11U], bits[12U], bits[13U], bits[14U],
                       bits[15U]}});
}
6423
/*
 * Decode 16 one-bit coefficients from the caller's byte slice.
 *
 * The slice is first passed through
 * libcrux_secrets_int_classify_public_classify_ref_9b_90() (defined
 * elsewhere; presumably a type-level marker that treats the public input as
 * secret from here on -- confirm) and then decoded.
 */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
  Eurydice_slice classified =
      libcrux_secrets_int_classify_public_classify_ref_9b_90(a);
  return libcrux_ml_kem_vector_portable_serialize_deserialize_1(classified);
}
6429
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 1-bit deserializer. It returns whatever
libcrux_ml_kem_vector_portable_deserialize_1() produces for the same slice.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1_b8(Eurydice_slice a) {
  return libcrux_ml_kem_vector_portable_deserialize_1(a);
}
6438
/*
 * Four bytes returned by value. In this file it carries the output of
 * libcrux_ml_kem_vector_portable_serialize_serialize_4_int(), in output
 * order fst, snd, thd, f3.
 */
typedef struct uint8_t_x4_s {
  uint8_t fst;
  uint8_t snd;
  uint8_t thd;
  uint8_t f3;
} uint8_t_x4;
6445
/*
 * Pack eight coefficients into four bytes, two per byte: the even-indexed
 * element supplies the low nibble and the odd-indexed element is shifted
 * into the high nibble.
 *
 * The low element is not masked to 4 bits here, so a value above 15 would
 * spill into the high nibble. Presumably the inputs were already compressed
 * to 4 bits -- confirm at the call site.
 *
 * Reads elements 0..7 of v and performs no length check of its own.
 */
static KRML_MUSTINLINE uint8_t_x4
libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) {
  uint8_t packed[4U];
  for (size_t pair = (size_t)0U; pair < (size_t)4U; pair++) {
    size_t low_idx = pair * (size_t)2U;
    size_t high_idx = low_idx + (size_t)1U;
    uint32_t high_nibble =
        (uint32_t)libcrux_secrets_int_as_u8_f5(
            Eurydice_slice_index(v, high_idx, int16_t, int16_t *))
        << 4U;
    uint32_t low_nibble = (uint32_t)libcrux_secrets_int_as_u8_f5(
        Eurydice_slice_index(v, low_idx, int16_t, int16_t *));
    packed[pair] = (uint8_t)(high_nibble | low_nibble);
  }
  return (KRML_CLITERAL(uint8_t_x4){.fst = packed[0U],
                                    .snd = packed[1U],
                                    .thd = packed[2U],
                                    .f3 = packed[3U]});
}
6471
/*
 * Serialize 16 four-bit coefficients into 8 bytes.
 *
 * The vector is handled as two halves of eight lanes. Each half is packed by
 * libcrux_ml_kem_vector_portable_serialize_serialize_4_int() into four bytes,
 * which are written to ret[0..3] and ret[4..7] respectively.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_4(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
    uint8_t ret[8U]) {
  for (size_t half = (size_t)0U; half < (size_t)2U; half++) {
    size_t first = half * (size_t)8U;
    size_t past = first + (size_t)8U;
    uint8_t_x4 quad = libcrux_ml_kem_vector_portable_serialize_serialize_4_int(
        Eurydice_array_to_subslice3(v.elements, first, past, int16_t *));
    uint8_t *dst = ret + half * (size_t)4U;
    dst[0U] = quad.fst;
    dst[1U] = quad.snd;
    dst[2U] = quad.thd;
    dst[3U] = quad.f3;
  }
}
6493
/*
 * Serialize 16 four-bit coefficients into the caller's 8-byte buffer.
 *
 * The bytes are produced in a local buffer and then handed, with ret, to
 * libcrux_secrets_int_public_integers_declassify_d8_76(). That helper is
 * defined elsewhere; presumably it copies the bytes out as public data --
 * confirm.
 */
static inline void libcrux_ml_kem_vector_portable_serialize_4(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[8U]) {
  uint8_t packed_nibbles[8U];
  libcrux_ml_kem_vector_portable_serialize_serialize_4(a, packed_nibbles);
  libcrux_secrets_int_public_integers_declassify_d8_76(packed_nibbles, ret);
}
6501
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 4-bit serializer. It forwards both arguments
unchanged to libcrux_ml_kem_vector_portable_serialize_4().
*/
static inline void libcrux_ml_kem_vector_portable_serialize_4_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[8U]) {
  libcrux_ml_kem_vector_portable_serialize_4(a, ret);
}
6511
/*
 * Split four bytes into eight 4-bit values: byte b yields its low nibble as
 * output 2*b and its high nibble as output 2*b + 1. Each value is masked
 * with 15 before it passes through libcrux_secrets_int_as_i16_59().
 *
 * Reads bytes 0..3 and performs no length check of its own.
 */
static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
    Eurydice_slice bytes) {
  int16_t nibble[8U];
  for (size_t src = (size_t)0U; src < (size_t)4U; src++) {
    size_t low_out = src * (size_t)2U;
    size_t high_out = low_out + (size_t)1U;
    nibble[low_out] = libcrux_secrets_int_as_i16_59(
        (uint32_t)Eurydice_slice_index(bytes, src, uint8_t, uint8_t *) & 15U);
    nibble[high_out] = libcrux_secrets_int_as_i16_59(
        (uint32_t)Eurydice_slice_index(bytes, src, uint8_t, uint8_t *) >> 4U &
        15U);
  }
  return (KRML_CLITERAL(int16_t_x8){.fst = nibble[0U],
                                    .snd = nibble[1U],
                                    .thd = nibble[2U],
                                    .f3 = nibble[3U],
                                    .f4 = nibble[4U],
                                    .f5 = nibble[5U],
                                    .f6 = nibble[6U],
                                    .f7 = nibble[7U]});
}
6552
/*
 * Decode 8 bytes into 16 four-bit coefficients.
 *
 * Bytes 0..3 give lanes 0..7 and bytes 4..7 give lanes 8..15, each group
 * decoded by libcrux_ml_kem_vector_portable_serialize_deserialize_4_int().
 * The slice must hold at least 8 bytes; that is not checked here.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
  int16_t_x8 lower =
      libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
          Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)4U, uint8_t *));
  int16_t_x8 upper =
      libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
          Eurydice_slice_subslice3(bytes, (size_t)4U, (size_t)8U, uint8_t *));
  return (
      KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){
          .elements = {lower.fst, lower.snd, lower.thd, lower.f3, lower.f4,
                       lower.f5, lower.f6, lower.f7, upper.fst, upper.snd,
                       upper.thd, upper.f3, upper.f4, upper.f5, upper.f6,
                       upper.f7}});
}
6565
/*
 * Decode 16 four-bit coefficients from the caller's byte slice.
 *
 * The slice goes through
 * libcrux_secrets_int_classify_public_classify_ref_9b_90() (defined
 * elsewhere; presumably a secret-typing marker -- confirm) before decoding.
 */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
  Eurydice_slice classified =
      libcrux_secrets_int_classify_public_classify_ref_9b_90(a);
  return libcrux_ml_kem_vector_portable_serialize_deserialize_4(classified);
}
6571
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 4-bit deserializer. It returns whatever
libcrux_ml_kem_vector_portable_deserialize_4() produces for the same slice.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_4_b8(Eurydice_slice a) {
  return libcrux_ml_kem_vector_portable_deserialize_4(a);
}
6580
/*
 * Five bytes returned by value. In this file it carries the output of
 * libcrux_ml_kem_vector_portable_serialize_serialize_10_int(), in output
 * order fst, snd, thd, f3, f4.
 */
typedef struct uint8_t_x5_s {
  uint8_t fst;
  uint8_t snd;
  uint8_t thd;
  uint8_t f3;
  uint8_t f4;
} uint8_t_x5;
6588
/*
 * Pack four 10-bit coefficients (elements 0..3 of v, called c0..c3 below)
 * into five bytes, lowest bits first.
 *
 * Every contribution is masked to the width it occupies, so bits above bit 9
 * of an element never reach the output. The right shifts act on int16_t
 * values; the masks applied afterwards keep only the bits named below.
 *
 * Reads elements 0..3 and performs no length check of its own.
 * libcrux_secrets_int_as_u8_f5() is defined elsewhere; presumably it is a
 * narrowing conversion to uint8_t -- confirm.
 */
static KRML_MUSTINLINE uint8_t_x5
libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) {
  /* byte 0: c0 bits 0..7 */
  uint8_t r0 = libcrux_secrets_int_as_u8_f5(
      Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & (int16_t)255);
  /* byte 1: c1 bits 0..5 in the upper six bits, c0 bits 8..9 in the low two */
  uint8_t r1 =
      (uint32_t)libcrux_secrets_int_as_u8_f5(
          Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & (int16_t)63)
          << 2U |
      (uint32_t)libcrux_secrets_int_as_u8_f5(
          Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U &
          (int16_t)3);
  /* byte 2: c2 bits 0..3 in the high nibble, c1 bits 6..9 in the low nibble */
  uint8_t r2 =
      (uint32_t)libcrux_secrets_int_as_u8_f5(
          Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) & (int16_t)15)
          << 4U |
      (uint32_t)libcrux_secrets_int_as_u8_f5(
          Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 6U &
          (int16_t)15);
  /* byte 3: c3 bits 0..1 in the top two bits, c2 bits 4..9 in the low six */
  uint8_t r3 =
      (uint32_t)libcrux_secrets_int_as_u8_f5(
          Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) & (int16_t)3)
          << 6U |
      (uint32_t)libcrux_secrets_int_as_u8_f5(
          Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 4U &
          (int16_t)63);
  /* byte 4: c3 bits 2..9 */
  uint8_t r4 = libcrux_secrets_int_as_u8_f5(
      Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U &
      (int16_t)255);
  return (KRML_CLITERAL(uint8_t_x5){
      .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4});
}
6620
/*
 * Serialize 16 ten-bit coefficients into 20 bytes.
 *
 * The vector is processed in four groups of four lanes. Each group is packed
 * by libcrux_ml_kem_vector_portable_serialize_serialize_10_int() into five
 * bytes, and group g is written to ret[5*g .. 5*g + 4].
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_10(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
    uint8_t ret[20U]) {
  for (size_t group = (size_t)0U; group < (size_t)4U; group++) {
    size_t first = group * (size_t)4U;
    size_t past = first + (size_t)4U;
    uint8_t_x5 chunk =
        libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
            Eurydice_array_to_subslice3(v.elements, first, past, int16_t *));
    uint8_t *dst = ret + group * (size_t)5U;
    dst[0U] = chunk.fst;
    dst[1U] = chunk.snd;
    dst[2U] = chunk.thd;
    dst[3U] = chunk.f3;
    dst[4U] = chunk.f4;
  }
}
6658
/*
 * Serialize 16 ten-bit coefficients into the caller's 20-byte buffer.
 *
 * The bytes are produced in a local buffer and then handed, with ret, to
 * libcrux_secrets_int_public_integers_declassify_d8_57(). That helper is
 * defined elsewhere; presumably it copies the bytes out as public data --
 * confirm.
 */
static inline void libcrux_ml_kem_vector_portable_serialize_10(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[20U]) {
  uint8_t packed_bytes[20U];
  libcrux_ml_kem_vector_portable_serialize_serialize_10(a, packed_bytes);
  libcrux_secrets_int_public_integers_declassify_d8_57(packed_bytes, ret);
}
6666
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 10-bit serializer. It forwards both arguments
unchanged to libcrux_ml_kem_vector_portable_serialize_10().
*/
static inline void libcrux_ml_kem_vector_portable_serialize_10_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[20U]) {
  libcrux_ml_kem_vector_portable_serialize_10(a, ret);
}
6676
/*
 * Unpack ten bytes (b0..b9 below) into eight 10-bit values, lowest bits
 * first. The same four-value pattern is applied to b0..b4 and to b5..b9.
 *
 * Provided libcrux_secrets_int_as_i16_59() returns the byte value unchanged
 * (it is defined elsewhere -- confirm), every result fits in 10 bits: the
 * high part is masked before shifting wherever it could exceed that width.
 *
 * Reads bytes 0..9 and performs no length check of its own.
 */
static KRML_MUSTINLINE int16_t_x8
libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
    Eurydice_slice bytes) {
  /* r0 = (b1 & 3) << 8 | b0 */
  int16_t r0 = libcrux_secrets_int_as_i16_f5(
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) &
       (int16_t)3)
          << 8U |
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)) &
       (int16_t)255));
  /* r1 = (b2 & 15) << 6 | b1 >> 2 */
  int16_t r1 = libcrux_secrets_int_as_i16_f5(
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) &
       (int16_t)15)
          << 6U |
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) >>
          2U);
  /* r2 = (b3 & 63) << 4 | b2 >> 4 */
  int16_t r2 = libcrux_secrets_int_as_i16_f5(
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) &
       (int16_t)63)
          << 4U |
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) >>
          4U);
  /* r3 = b4 << 2 | b3 >> 6 (no mask: a whole byte shifted by 2 is 10 bits) */
  int16_t r3 = libcrux_secrets_int_as_i16_f5(
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *))
          << 2U |
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) >>
          6U);
  /* r4 = (b6 & 3) << 8 | b5 */
  int16_t r4 = libcrux_secrets_int_as_i16_f5(
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) &
       (int16_t)3)
          << 8U |
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *)) &
       (int16_t)255));
  /* r5 = (b7 & 15) << 6 | b6 >> 2 */
  int16_t r5 = libcrux_secrets_int_as_i16_f5(
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) &
       (int16_t)15)
          << 6U |
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) >>
          2U);
  /* r6 = (b8 & 63) << 4 | b7 >> 4 */
  int16_t r6 = libcrux_secrets_int_as_i16_f5(
      (libcrux_secrets_int_as_i16_59(
           Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) &
       (int16_t)63)
          << 4U |
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) >>
          4U);
  /* r7 = b9 << 2 | b8 >> 6 */
  int16_t r7 = libcrux_secrets_int_as_i16_f5(
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *))
          << 2U |
      libcrux_secrets_int_as_i16_59(
          Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) >>
          6U);
  return (KRML_CLITERAL(int16_t_x8){.fst = r0,
                                    .snd = r1,
                                    .thd = r2,
                                    .f3 = r3,
                                    .f4 = r4,
                                    .f5 = r5,
                                    .f6 = r6,
                                    .f7 = r7});
}
6751
/*
 * Decode 20 bytes into 16 ten-bit coefficients.
 *
 * Bytes 0..9 give lanes 0..7 and bytes 10..19 give lanes 8..15, each group
 * decoded by libcrux_ml_kem_vector_portable_serialize_deserialize_10_int().
 * The slice must hold at least 20 bytes; that is not checked here.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
  int16_t_x8 lower =
      libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
          Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)10U, uint8_t *));
  int16_t_x8 upper =
      libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
          Eurydice_slice_subslice3(bytes, (size_t)10U, (size_t)20U, uint8_t *));
  return (
      KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){
          .elements = {lower.fst, lower.snd, lower.thd, lower.f3, lower.f4,
                       lower.f5, lower.f6, lower.f7, upper.fst, upper.snd,
                       upper.thd, upper.f3, upper.f4, upper.f5, upper.f6,
                       upper.f7}});
}
6765
/*
 * Decode 16 ten-bit coefficients from the caller's byte slice.
 *
 * The slice goes through
 * libcrux_secrets_int_classify_public_classify_ref_9b_90() (defined
 * elsewhere; presumably a secret-typing marker -- confirm) before decoding.
 */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
  Eurydice_slice classified =
      libcrux_secrets_int_classify_public_classify_ref_9b_90(a);
  return libcrux_ml_kem_vector_portable_serialize_deserialize_10(classified);
}
6771
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 10-bit deserializer. It returns whatever
libcrux_ml_kem_vector_portable_deserialize_10() produces for the same slice.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_10_b8(Eurydice_slice a) {
  return libcrux_ml_kem_vector_portable_deserialize_10(a);
}
6780
/*
 * Three bytes returned by value. In this file it carries the output of
 * libcrux_ml_kem_vector_portable_serialize_serialize_12_int(), in output
 * order fst, snd, thd.
 */
typedef struct uint8_t_x3_s {
  uint8_t fst;
  uint8_t snd;
  uint8_t thd;
} uint8_t_x3;
6786
/*
 * Pack two 12-bit coefficients (elements 0 and 1 of v) into three bytes,
 * lowest bits first:
 *   byte 0 = first bits 0..7
 *   byte 1 = first bits 8 and up | (second bits 0..3) << 4
 *   byte 2 = second bits 4..11
 *
 * The "first >> 8" term in byte 1 is not masked, so a first coefficient
 * outside 0..4095 would overlap the nibble taken from the second one.
 * Presumably callers only pass reduced 12-bit values -- confirm.
 *
 * Reads elements 0 and 1 and performs no length check of its own.
 */
static KRML_MUSTINLINE uint8_t_x3
libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) {
  int16_t first = Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *);
  int16_t second = Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *);
  uint8_t low_byte = libcrux_secrets_int_as_u8_f5(first & (int16_t)255);
  uint8_t mid_byte = libcrux_secrets_int_as_u8_f5(
      first >> 8U | (second & (int16_t)15) << 4U);
  uint8_t high_byte =
      libcrux_secrets_int_as_u8_f5(second >> 4U & (int16_t)255);
  return (KRML_CLITERAL(uint8_t_x3){
      .fst = low_byte, .snd = mid_byte, .thd = high_byte});
}
6800
/*
 * Serialize 16 twelve-bit coefficients into 24 bytes.
 *
 * The vector is processed as eight pairs of lanes. Each pair is packed by
 * libcrux_ml_kem_vector_portable_serialize_serialize_12_int() into three
 * bytes, and pair p is written to ret[3*p .. 3*p + 2].
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_serialize_serialize_12(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
    uint8_t ret[24U]) {
  for (size_t pair = (size_t)0U; pair < (size_t)8U; pair++) {
    size_t first = pair * (size_t)2U;
    size_t past = first + (size_t)2U;
    uint8_t_x3 triple =
        libcrux_ml_kem_vector_portable_serialize_serialize_12_int(
            Eurydice_array_to_subslice3(v.elements, first, past, int16_t *));
    uint8_t *dst = ret + pair * (size_t)3U;
    dst[0U] = triple.fst;
    dst[1U] = triple.snd;
    dst[2U] = triple.thd;
  }
}
6854
/*
 * Serialize 16 twelve-bit coefficients into the caller's 24-byte buffer.
 *
 * The bytes are produced in a local buffer and then handed, with ret, to
 * libcrux_secrets_int_public_integers_declassify_d8_d2(). That helper is
 * defined elsewhere; presumably it copies the bytes out as public data --
 * confirm.
 * NOTE(review): if this path is ever used for secret-key polynomials, the
 * local copy stays on the stack after return -- check what the callers
 * serialize with it.
 */
static inline void libcrux_ml_kem_vector_portable_serialize_12(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[24U]) {
  uint8_t packed_bytes[24U];
  libcrux_ml_kem_vector_portable_serialize_serialize_12(a, packed_bytes);
  libcrux_secrets_int_public_integers_declassify_d8_d2(packed_bytes, ret);
}
6862
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 12-bit serializer. It forwards both arguments
unchanged to libcrux_ml_kem_vector_portable_serialize_12().
*/
static inline void libcrux_ml_kem_vector_portable_serialize_12_b8(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
    uint8_t ret[24U]) {
  libcrux_ml_kem_vector_portable_serialize_12(a, ret);
}
6872
/*
 * Two int16_t values returned by value. In this file it carries the output
 * of libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(): fst is
 * the first decoded coefficient, snd the second.
 */
typedef struct int16_t_x2_s {
  int16_t fst;
  int16_t snd;
} int16_t_x2;
6877
/*
 * Unpack three bytes into two 12-bit values, lowest bits first:
 *   fst = (byte1 & 15) << 8 | byte0
 *   snd = byte2 << 4 | (byte1 >> 4)
 *
 * The results are not compared with the field modulus here, so values up to
 * 4095 pass through as they are. Where the input is an untrusted encoding,
 * any required range check has to happen in the caller -- confirm that it
 * does.
 *
 * Reads bytes 0..2 and performs no length check of its own.
 */
static KRML_MUSTINLINE int16_t_x2
libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
    Eurydice_slice bytes) {
  int16_t low = libcrux_secrets_int_as_i16_59(
      Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *));
  int16_t mid = libcrux_secrets_int_as_i16_59(
      Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *));
  int16_t high = libcrux_secrets_int_as_i16_59(
      Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *));
  int16_t first = (mid & (int16_t)15) << 8U | (low & (int16_t)255);
  int16_t second = high << 4U | (mid >> 4U & (int16_t)15);
  return (KRML_CLITERAL(int16_t_x2){.fst = first, .snd = second});
}
6891
/*
 * Decode 24 bytes into 16 twelve-bit coefficients.
 *
 * Each consecutive 3-byte group g is decoded by
 * libcrux_ml_kem_vector_portable_serialize_deserialize_12_int() into lanes
 * 2*g and 2*g + 1. The slice must hold at least 24 bytes; that is not
 * checked here, and the decoded values are not range-checked either.
 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
  int16_t lanes[16U];
  for (size_t group = (size_t)0U; group < (size_t)8U; group++) {
    size_t first = group * (size_t)3U;
    size_t past = first + (size_t)3U;
    int16_t_x2 pair =
        libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
            Eurydice_slice_subslice3(bytes, first, past, uint8_t *));
    size_t lane = group * (size_t)2U;
    lanes[lane] = pair.fst;
    lanes[lane + (size_t)1U] = pair.snd;
  }
  return (
      KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){
          .elements = {lanes[0U], lanes[1U], lanes[2U], lanes[3U], lanes[4U],
                       lanes[5U], lanes[6U], lanes[7U], lanes[8U], lanes[9U],
                       lanes[10U], lanes[11U], lanes[12U], lanes[13U],
                       lanes[14U], lanes[15U]}});
}
6920
/*
 * Decode 16 twelve-bit coefficients from the caller's byte slice.
 *
 * The slice goes through
 * libcrux_secrets_int_classify_public_classify_ref_9b_90() (defined
 * elsewhere; presumably a secret-typing marker -- confirm) before decoding.
 */
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
  Eurydice_slice classified =
      libcrux_secrets_int_classify_public_classify_ref_9b_90(a);
  return libcrux_ml_kem_vector_portable_serialize_deserialize_12(classified);
}
6926
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for the 12-bit deserializer. It returns whatever
libcrux_ml_kem_vector_portable_deserialize_12() produces for the same slice.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12_b8(Eurydice_slice a) {
  return libcrux_ml_kem_vector_portable_deserialize_12(a);
}
6935
/*
 * Rejection-sample field elements from a byte string.
 *
 * The input is consumed in whole 3-byte groups (one or two trailing bytes
 * are ignored). Each group yields two 12-bit candidates; a candidate is kept
 * only if it is below LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS and fewer
 * than 16 values have been kept so far. Kept values are written to result
 * in order, and the number kept (0..16) is returned.
 *
 * result must have room for 16 int16_t values; that is not checked here.
 *
 * The accept/reject branches depend on the input bytes, so the running time
 * reveals which candidates were rejected. Presumably the input is expanded
 * from public data only -- confirm at the call site before reusing this on
 * anything secret.
 */
static KRML_MUSTINLINE size_t
libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a,
                                                   Eurydice_slice result) {
  size_t accepted = (size_t)0U;
  for (size_t group = (size_t)0U;
       group < Eurydice_slice_len(a, uint8_t) / (size_t)3U; group++) {
    size_t at0 = group * (size_t)3U + (size_t)0U;
    size_t at1 = group * (size_t)3U + (size_t)1U;
    size_t at2 = group * (size_t)3U + (size_t)2U;
    int16_t low = (int16_t)Eurydice_slice_index(a, at0, uint8_t, uint8_t *);
    int16_t mid = (int16_t)Eurydice_slice_index(a, at1, uint8_t, uint8_t *);
    int16_t high = (int16_t)Eurydice_slice_index(a, at2, uint8_t, uint8_t *);
    int16_t first = (mid & (int16_t)15) << 8U | low;
    int16_t second = high << 4U | mid >> 4U;
    int16_t candidate[2U] = {first, second};
    for (size_t which = (size_t)0U; which < (size_t)2U; which++) {
      int16_t value = candidate[which];
      if (value < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS &&
          accepted < (size_t)16U) {
        Eurydice_slice_index(result, accepted, int16_t, int16_t *) = value;
        accepted++;
      }
    }
  }
  return accepted;
}
6966
/**
This function found in impl {libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector}

Trait-level entry point for rejection sampling. It forwards both slices
unchanged to libcrux_ml_kem_vector_portable_sampling_rej_sample() and returns
its count of accepted values.
*/
static inline size_t libcrux_ml_kem_vector_portable_rej_sample_b8(
    Eurydice_slice a, Eurydice_slice out) {
  return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out);
}
6975
/*
 * ML-KEM-768 parameters and the byte sizes derived from them.
 *
 * The LIBCRUX_ML_KEM_CONSTANTS_* inputs are defined elsewhere in the file.
 * The byte counts quoted below assume 256 coefficients per ring element,
 * 12 bits per coefficient, and 32 bytes each for the hash digest and the
 * shared secret -- confirm against those definitions. These sizes are the
 * ones wire inputs are expected to match; the length checks themselves are
 * not in this part of the file.
 */

/* Bits kept per coefficient of the ciphertext vector u. */
#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR ((size_t)10U)

/* Bytes for one compressed ring element of u (320 under the assumption above). */
#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE            \
  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR / (size_t)8U)

/* Module rank: number of ring elements per vector. */
#define LIBCRUX_ML_KEM_MLKEM768_RANK ((size_t)3U)

/* Bytes for the whole compressed vector u (960 under the assumption above). */
#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE * LIBCRUX_ML_KEM_MLKEM768_RANK)

/* Bits kept per coefficient of the ciphertext element v. */
#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR ((size_t)4U)

/* Bytes for the compressed element v (128 under the assumption above). */
#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE                  \
  (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR / (size_t)8U)

/*
 * Ciphertext length: C1 followed by C2 (1088 under the assumption above,
 * which matches the CIPHERTEXT_SIZE= 1088 listed for the monomorphic
 * instances later in this file).
 */
#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE)

/* Bytes for the encoded public vector t (1152 under the assumption above). */
#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE      \
  (LIBCRUX_ML_KEM_MLKEM768_RANK *                          \
   LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)

/* Public key: encoded t plus 32 further bytes (1184 under the assumption above). */
#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE + (size_t)32U)

/* Bytes for the encoded CPA secret vector (1152 under the assumption above). */
#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE    \
  (LIBCRUX_ML_KEM_MLKEM768_RANK *                          \
   LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \
   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U)

/* Noise parameter eta1 and the number of random bytes sized from it. */
#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U)

#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U)

/* Noise parameter eta2 and the number of random bytes sized from it. */
#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U)

#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \
  (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U)

/*
 * Length of a buffer holding a shared-secret-sized value followed by a whole
 * ciphertext. Judging by the name it is the hash input used on the
 * implicit-rejection path -- confirm where it is used.
 */
#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \
  (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE +                   \
   LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE)

/* ML-KEM-768 names for the generic key container types declared elsewhere. */
typedef libcrux_ml_kem_types_MlKemPrivateKey_d9
    libcrux_ml_kem_mlkem768_MlKem768PrivateKey;

typedef libcrux_ml_kem_types_MlKemPublicKey_30
    libcrux_ml_kem_mlkem768_MlKem768PublicKey;

/* Bytes for RANK encoded ring elements. */
#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT \
  (LIBCRUX_ML_KEM_MLKEM768_RANK *                             \
   LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U)

/*
 * Full private key length: CPA secret key, CPA public key, one hash digest
 * and one shared-secret-sized value (2400 under the assumption above).
 */
#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE       \
  (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE +  \
   LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE +  \
   LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE +           \
   LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)
7038
/**
A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector

One ring element, stored as 16 PortableVector values. The serializers in this
file initialize 16 int16_t lanes per vector, which gives 256 coefficients per
ring element.
*/
typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U];
} libcrux_ml_kem_polynomial_PolynomialRingElement_1d;
7047
7048 /**
7049 A monomorphic instance of
7050 libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types
7051 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
7052 - $3size_t
7053 */
typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s {
  /*
   * Unpacked IND-CPA private key: three ring elements, kept in NTT form
   * according to the field name.
   * NOTE(review): this is secret key material in expanded form. Nothing in
   * this definition clears it; the owner of an instance is responsible for
   * wiping it when done.
   */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U];
} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0;
7057
7058 /**
7059 This function found in impl
7060 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
7061 TraitClause@1]}
7062 */
7063 /**
7064 A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6
7065 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7066 with const generics
7067
7068 */
/**
 Build a ring element in which each of the 16 coefficient vectors is the value
 returned by libcrux_ml_kem_vector_portable_ZERO_b8().
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ZERO_d6_ea(void) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero;
  /* Every slot is assigned before the struct is returned, so no
     uninitialised vector escapes. */
  for (size_t slot = (size_t)0U; slot < (size_t)16U; slot++) {
    zero.coefficients[slot] = libcrux_ml_kem_vector_portable_ZERO_b8();
  }
  return zero;
}
7082
7083 /**
7084 This function found in impl {core::ops::function::FnMut<(usize),
7085 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
7086 TraitClause@1]> for libcrux_ml_kem::ind_cpa::decrypt::closure<Vector, K,
7087 CIPHERTEXT_SIZE, VECTOR_U_ENCODED_SIZE, U_COMPRESSION_FACTOR,
7088 V_COMPRESSION_FACTOR>[TraitClause@0, TraitClause@1]}
7089 */
7090 /**
7091 A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt.call_mut_0b
7092 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7093 with const generics
7094 - K= 3
7095 - CIPHERTEXT_SIZE= 1088
7096 - VECTOR_U_ENCODED_SIZE= 960
7097 - U_COMPRESSION_FACTOR= 10
7098 - V_COMPRESSION_FACTOR= 4
7099 */
/**
 Closure body extracted from ind_cpa::decrypt: ignores both arguments and
 returns a zero ring element.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(void **_, size_t tupled_args) {
  /* Neither the closure environment nor the index is consulted. */
  (void)_;
  (void)tupled_args;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  return zero;
}
7104
7105 /**
7106 A monomorphic instance of
7107 libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types
7108 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
7109
7110 */
/**
 Decode a byte slice into a ring element, 24 bytes per coefficient vector,
 using libcrux_ml_kem_vector_portable_deserialize_12_b8 for each chunk.

 The number of vectors written is the slice length divided by 24; trailing
 bytes that do not fill a chunk are ignored. The destination array has 16
 slots and this function does not cap the count, so the caller must pass at
 most 16 * 24 bytes.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea(
    Eurydice_slice serialized) {
  const size_t chunk_len = (size_t)24U;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  const size_t chunk_count =
      Eurydice_slice_len(serialized, uint8_t) / chunk_len;
  for (size_t k = (size_t)0U; k < chunk_count; k++) {
    const size_t from = k * chunk_len;
    const size_t to = from + chunk_len;
    Eurydice_slice chunk =
        Eurydice_slice_subslice3(serialized, from, to, uint8_t *);
    result.coefficients[k] =
        libcrux_ml_kem_vector_portable_deserialize_12_b8(chunk);
  }
  return result;
}
7128
7129 /**
7130 Call [`deserialize_to_uncompressed_ring_element`] for each ring element.
7131 */
7132 /**
7133 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_vector
7134 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7135 with const generics
7136 - K= 3
7137 */
/**
 Decode three consecutive ring elements from `secret_key` into
 `secret_as_ntt[0..2]`.

 Element k is read from bytes [k * BYTES_PER_RING_ELEMENT,
 (k + 1) * BYTES_PER_RING_ELEMENT). The slice length is not compared against
 3 * BYTES_PER_RING_ELEMENT here, and `secret_as_ntt` must have room for three
 elements. NOTE(review): whether Eurydice_slice_subslice3 checks bounds is not
 visible in this part of the file.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_vector_1b(
    Eurydice_slice secret_key,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt) {
  for (size_t k = (size_t)0U; k < (size_t)3U; k++) {
    const size_t from = k * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
    const size_t to =
        (k + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
    Eurydice_slice element_bytes =
        Eurydice_slice_subslice3(secret_key, from, to, uint8_t *);
    secret_as_ntt[k] =
        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea(
            element_bytes);
  }
}
7154
7155 /**
7156 This function found in impl {core::ops::function::FnMut<(usize),
7157 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
7158 TraitClause@1]> for
7159 libcrux_ml_kem::ind_cpa::deserialize_then_decompress_u::closure<Vector, K,
7160 CIPHERTEXT_SIZE, U_COMPRESSION_FACTOR>[TraitClause@0, TraitClause@1]}
7161 */
7162 /**
7163 A monomorphic instance of
7164 libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.call_mut_35 with types
7165 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
7166 - K= 3
7167 - CIPHERTEXT_SIZE= 1088
7168 - U_COMPRESSION_FACTOR= 10
7169 */
/**
 Closure body extracted from ind_cpa::deserialize_then_decompress_u: ignores
 both arguments and returns a zero ring element.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c(
    void **_, size_t tupled_args) {
  /* Neither the closure environment nor the index is consulted. */
  (void)_;
  (void)tupled_args;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  return zero;
}
7175
7176 /**
7177 A monomorphic instance of
7178 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
7179 const generics
7180 - COEFFICIENT_BITS= 10
7181 */
/**
 Decompress every element of `a` from 10 bits: each element x is replaced by
 (2 * x * FIELD_MODULUS + 2^10) >> 11, i.e. x * FIELD_MODULUS / 2^10 rounded
 to nearest.

 The loop bound is a compile-time constant and the body contains no branch on
 element values. NOTE(review): the left shift acts on a signed int32_t, so the
 elements are assumed to be non-negative and small enough that the product
 fits; confirm against the deserializer that feeds this function.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  const int32_t rounding_term = (int32_t)1 << (uint32_t)(int32_t)10;
  const uint32_t final_shift = (uint32_t)((int32_t)10 + (int32_t)1);
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    int32_t scaled =
        libcrux_secrets_int_as_i32_f5(a.elements[lane]) *
        libcrux_secrets_int_as_i32_f5(
            libcrux_secrets_int_public_integers_classify_27_39(
                LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS));
    scaled = ((scaled << 1U) + rounding_term) >> final_shift;
    a.elements[lane] = libcrux_secrets_int_as_i16_36(scaled);
  }
  return a;
}
7199
7200 /**
7201 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
7202 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
7203 */
7204 /**
7205 A monomorphic instance of
7206 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const
7207 generics
7208 - COEFFICIENT_BITS= 10
7209 */
/**
 Trait-method wrapper: forwards to the 10-bit
 decompress_ciphertext_coefficient implementation and returns its result.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector decompressed =
      libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef(
          a);
  return decompressed;
}
7216
7217 /**
7218 A monomorphic instance of
7219 libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
7220 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
7221
7222 */
/**
 Decode a byte slice into a ring element, 20 bytes per coefficient vector:
 each chunk is unpacked with deserialize_10_b8 and then passed through the
 10-bit decompression.

 The number of vectors written is the slice length divided by 20. The
 destination array has 16 slots and this function does not cap the count, so
 the caller must pass at most 16 * 20 bytes.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea(
    Eurydice_slice serialized) {
  const size_t chunk_len = (size_t)20U;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  const size_t chunk_count =
      Eurydice_slice_len(serialized, uint8_t) / chunk_len;
  for (size_t k = (size_t)0U; k < chunk_count; k++) {
    const size_t from = k * chunk_len;
    const size_t to = from + chunk_len;
    Eurydice_slice chunk =
        Eurydice_slice_subslice3(serialized, from, to, uint8_t *);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector packed =
        libcrux_ml_kem_vector_portable_deserialize_10_b8(chunk);
    result.coefficients[k] =
        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef(
            packed);
  }
  return result;
}
7243
7244 /**
7245 A monomorphic instance of
7246 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
7247 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
7248 - COMPRESSION_FACTOR= 10
7249 */
/**
 Entry point for decoding one `u` ring element at compression factor 10:
 forwards to deserialize_then_decompress_10.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a(
    Eurydice_slice serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d element =
      libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea(serialized);
  return element;
}
7255
/* Pair of portable vectors; used in this file as the return value of the
   NTT and inverse-NTT butterfly steps. */
typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
  /* First result (assigned from `a` in the butterfly helpers). */
  libcrux_ml_kem_vector_portable_vector_type_PortableVector fst;
  /* Second result (assigned from `b` in the butterfly helpers). */
  libcrux_ml_kem_vector_portable_vector_type_PortableVector snd;
} libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2;
7260
7261 /**
7262 A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step
7263 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7264 with const generics
7265
7266 */
/**
 One forward-NTT butterfly on a pair of vectors. With
 t = montgomery_multiply_by_constant(b, zeta_r), the result is
 fst = add(a, t) and snd = sub(a, t).
*/
static KRML_MUSTINLINE
    libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
    libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea(
        libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
        libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
        int16_t zeta_r) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector twiddled =
      libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(b,
                                                                        zeta_r);
  libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 pair;
  /* Both results are computed from the original `a`; the difference is taken
     first, as in the extracted code. */
  pair.snd = libcrux_ml_kem_vector_portable_sub_b8(a, &twiddled);
  pair.fst = libcrux_ml_kem_vector_portable_add_b8(a, &twiddled);
  return pair;
}
7282
7283 /**
7284 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus
7285 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7286 with const generics
7287
7288 */
/**
 Apply one forward-NTT layer (layer >= 4) to `re` in place.

 There are 128 >> layer rounds. Each round advances *zeta_i by one and applies
 the butterfly step to pairs of vectors that lie step / 16 slots apart, where
 step = 1 << layer. The zeta index comes only from the counter, never from
 coefficient values. `_initial_coefficient_bound` is not read.

 NOTE(review): for layer < 4 the inner loop runs zero times because step / 16
 is 0; the callers visible in this file pass 4 to 7.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t layer, size_t _initial_coefficient_bound) {
  (void)_initial_coefficient_bound;
  const size_t step = (size_t)1U << (uint32_t)layer;
  const size_t round_count = (size_t)128U >> (uint32_t)layer;
  const size_t half_span = step / (size_t)16U;
  for (size_t round = (size_t)0U; round < round_count; round++) {
    *zeta_i = *zeta_i + (size_t)1U;
    const size_t first_vec = (round * step * (size_t)2U) / (size_t)16U;
    for (size_t lo = first_vec; lo < first_vec + half_span; lo++) {
      const size_t hi = lo + half_span;
      libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 butterfly =
          libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea(
              re->coefficients[lo], re->coefficients[hi],
              libcrux_ml_kem_polynomial_zeta(*zeta_i));
      re->coefficients[lo] = butterfly.fst;
      re->coefficients[hi] = butterfly.snd;
    }
  }
}
7312
7313 /**
7314 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3
7315 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7316 with const generics
7317
7318 */
/**
 Apply forward-NTT layer 3 to `re` in place: for each of the 16 vectors,
 advance *zeta_i by one and run ntt_layer_3_step with that zeta.
 `_initial_coefficient_bound` is not read.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t _initial_coefficient_bound) {
  (void)_initial_coefficient_bound;
  for (size_t vec = (size_t)0U; vec < (size_t)16U; vec++) {
    *zeta_i = *zeta_i + (size_t)1U;
    re->coefficients[vec] = libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8(
        re->coefficients[vec], libcrux_ml_kem_polynomial_zeta(*zeta_i));
  }
}
7332
7333 /**
7334 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2
7335 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7336 with const generics
7337
7338 */
/**
 Apply forward-NTT layer 2 to `re` in place. Each of the 16 vectors consumes
 two consecutive zetas, so *zeta_i advances by two per vector.
 `_initial_coefficient_bound` is not read.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t _initial_coefficient_bound) {
  (void)_initial_coefficient_bound;
  for (size_t vec = (size_t)0U; vec < (size_t)16U; vec++) {
    *zeta_i = *zeta_i + (size_t)1U;
    const size_t z = *zeta_i;
    re->coefficients[vec] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8(
        re->coefficients[vec], libcrux_ml_kem_polynomial_zeta(z),
        libcrux_ml_kem_polynomial_zeta(z + (size_t)1U));
    /* Account for the second zeta used above. */
    *zeta_i = z + (size_t)1U;
  }
}
7352
7353 /**
7354 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1
7355 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7356 with const generics
7357
7358 */
/**
 Apply forward-NTT layer 1 to `re` in place. Each of the 16 vectors consumes
 four consecutive zetas, so *zeta_i advances by four per vector.
 `_initial_coefficient_bound` is not read.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t _initial_coefficient_bound) {
  (void)_initial_coefficient_bound;
  for (size_t vec = (size_t)0U; vec < (size_t)16U; vec++) {
    *zeta_i = *zeta_i + (size_t)1U;
    const size_t z = *zeta_i;
    re->coefficients[vec] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8(
        re->coefficients[vec], libcrux_ml_kem_polynomial_zeta(z),
        libcrux_ml_kem_polynomial_zeta(z + (size_t)1U),
        libcrux_ml_kem_polynomial_zeta(z + (size_t)2U),
        libcrux_ml_kem_polynomial_zeta(z + (size_t)3U));
    /* Account for the three further zetas used above. */
    *zeta_i = z + (size_t)3U;
  }
}
7374
7375 /**
7376 A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce
7377 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7378 with const generics
7379
7380 */
/**
 Replace every coefficient vector of `myself` with its barrett_reduce_b8
 image, in place.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) {
  for (size_t vec = (size_t)0U;
       vec < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; vec++) {
    myself->coefficients[vec] =
        libcrux_ml_kem_vector_portable_barrett_reduce_b8(
            myself->coefficients[vec]);
  }
}
7392
7393 /**
7394 This function found in impl
7395 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
7396 TraitClause@1]}
7397 */
7398 /**
7399 A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6
7400 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7401 with const generics
7402
7403 */
/**
 Method-style wrapper: Barrett-reduces `self` in place by delegating to
 poly_barrett_reduce.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *target = self;
  libcrux_ml_kem_polynomial_poly_barrett_reduce_ea(target);
}
7408
7409 /**
7410 A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u
7411 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7412 with const generics
7413 - VECTOR_U_COMPRESSION_FACTOR= 10
7414 */
/**
 Run the full forward NTT on `re` in place: layers 7 down to 4 through
 ntt_at_layer_4_plus, then layers 3, 2 and 1, then a Barrett reduction.

 The zeta counter starts at 0 and is threaded through every layer. The last
 argument of each layer call is k * 3328 for the k-th layer; the layer
 functions visible in this file do not read it.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  size_t zeta_i = (size_t)0U;
  size_t bound_factor = (size_t)1U;
  /* Layers 7, 6, 5, 4 with bound factors 1, 2, 3, 4. */
  for (size_t layer = (size_t)7U; layer >= (size_t)4U; layer--) {
    libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, layer,
                                              bound_factor * (size_t)3328U);
    bound_factor++;
  }
  libcrux_ml_kem_ntt_ntt_at_layer_3_ea(&zeta_i, re, (size_t)5U * (size_t)3328U);
  libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)6U * (size_t)3328U);
  libcrux_ml_kem_ntt_ntt_at_layer_1_ea(&zeta_i, re, (size_t)7U * (size_t)3328U);
  libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re);
}
7431
7432 /**
7433 Call [`deserialize_then_decompress_ring_element_u`] on each ring element
7434 in the `ciphertext`.
7435 */
7436 /**
7437 A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
7438 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7439 with const generics
7440 - K= 3
7441 - CIPHERTEXT_SIZE= 1088
7442 - U_COMPRESSION_FACTOR= 10
7443 */
/**
 Decode the `u` part of a ciphertext into three ring elements in NTT form and
 copy them to `ret`.

 The buffer is treated as exactly 1088 bytes. It is cut into pieces of
 COEFFICIENTS_IN_RING_ELEMENT * 10 / 8 bytes; each piece is deserialized,
 decompressed and transformed with ntt_vector_u. Bytes left over after the
 last whole piece are not consumed here.

 The 1088 length is asserted by a literal, not checked: the caller must
 guarantee that `ciphertext` points to at least 1088 readable bytes and that
 `ret` has room for three elements. The piece count is not capped against the
 three-element local array; it is 3 only while the per-element size matches
 the parameter set (VECTOR_U_ENCODED_SIZE = 960 for K = 3).
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(
    uint8_t *ciphertext,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  const size_t u_element_bytes =
      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U /
      (size_t)8U;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
  /* Start from zero ring elements, as the extracted Rust array initialiser
     does. */
  for (size_t k = (size_t)0U; k < (size_t)3U; k++) {
    /* original Rust expression is not an lvalue in C */
    void *closure_env = (void *)0U;
    u_as_ntt[k] =
        libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c(
            &closure_env, k);
  }
  const size_t element_count =
      Eurydice_slice_len(
          Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t),
          uint8_t) /
      u_element_bytes;
  for (size_t k = (size_t)0U; k < element_count; k++) {
    const size_t from = k * u_element_bytes;
    const size_t to = from + u_element_bytes;
    Eurydice_slice u_bytes =
        Eurydice_array_to_subslice3(ciphertext, from, to, uint8_t *);
    u_as_ntt[k] =
        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a(
            u_bytes);
    libcrux_ml_kem_ntt_ntt_vector_u_0a(&u_as_ntt[k]);
  }
  memcpy(
      ret, u_as_ntt,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
}
7482
7483 /**
7484 A monomorphic instance of
7485 libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with
7486 const generics
7487 - COEFFICIENT_BITS= 4
7488 */
/**
 Decompress every element of `a` from 4 bits: each element x is replaced by
 (2 * x * FIELD_MODULUS + 2^4) >> 5, i.e. x * FIELD_MODULUS / 2^4 rounded to
 nearest.

 The loop bound is a compile-time constant and the body contains no branch on
 element values. NOTE(review): the left shift acts on a signed int32_t, so the
 elements are assumed to be non-negative; confirm against the deserializer
 that feeds this function.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  const int32_t rounding_term = (int32_t)1 << (uint32_t)(int32_t)4;
  const uint32_t final_shift = (uint32_t)((int32_t)4 + (int32_t)1);
  for (size_t lane = (size_t)0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    int32_t scaled =
        libcrux_secrets_int_as_i32_f5(a.elements[lane]) *
        libcrux_secrets_int_as_i32_f5(
            libcrux_secrets_int_public_integers_classify_27_39(
                LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS));
    scaled = ((scaled << 1U) + rounding_term) >> final_shift;
    a.elements[lane] = libcrux_secrets_int_as_i16_36(scaled);
  }
  return a;
}
7506
7507 /**
7508 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
7509 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
7510 */
7511 /**
7512 A monomorphic instance of
7513 libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const
7514 generics
7515 - COEFFICIENT_BITS= 4
7516 */
/**
 Trait-method wrapper: forwards to the 4-bit
 decompress_ciphertext_coefficient implementation and returns its result.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector decompressed =
      libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1(
          a);
  return decompressed;
}
7523
7524 /**
7525 A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4
7526 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7527 with const generics
7528
7529 */
/**
 Decode a byte slice into a ring element, 8 bytes per coefficient vector: each
 chunk is unpacked with deserialize_4_b8 and then passed through the 4-bit
 decompression.

 The number of vectors written is the slice length divided by 8. The
 destination array has 16 slots and this function does not cap the count, so
 the caller must pass at most 16 * 8 bytes.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea(
    Eurydice_slice serialized) {
  const size_t chunk_len = (size_t)8U;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  const size_t chunk_count =
      Eurydice_slice_len(serialized, uint8_t) / chunk_len;
  for (size_t k = (size_t)0U; k < chunk_count; k++) {
    const size_t from = k * chunk_len;
    const size_t to = from + chunk_len;
    Eurydice_slice chunk =
        Eurydice_slice_subslice3(serialized, from, to, uint8_t *);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector packed =
        libcrux_ml_kem_vector_portable_deserialize_4_b8(chunk);
    result.coefficients[k] =
        libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1(
            packed);
  }
  return result;
}
7549
7550 /**
7551 A monomorphic instance of
7552 libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
7553 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
7554 - K= 3
7555 - COMPRESSION_FACTOR= 4
7556 */
/**
 Entry point for decoding the `v` ring element at compression factor 4:
 forwards to deserialize_then_decompress_4.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
    Eurydice_slice serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d element =
      libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea(serialized);
  return element;
}
7562
7563 /**
7564 A monomorphic instance of libcrux_ml_kem.polynomial.ZERO
7565 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7566 with const generics
7567
7568 */
/**
 Build a ring element in which each of the 16 coefficient vectors is the value
 returned by libcrux_ml_kem_vector_portable_ZERO_b8(). The body matches
 libcrux_ml_kem_polynomial_ZERO_d6_ea.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ZERO_ea(void) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero;
  /* Every slot is assigned before the struct is returned. */
  for (size_t slot = (size_t)0U; slot < (size_t)16U; slot++) {
    zero.coefficients[slot] = libcrux_ml_kem_vector_portable_ZERO_b8();
  }
  return zero;
}
7582
/**
 Given two `KyberPolynomialRingElement`s in their NTT representations,
 compute their product. Given two polynomials in the NTT domain `f^` and `ĝ`,
 the `iᵗʰ` coefficient of the product `ĥ` is determined by the calculation:

 ```plaintext
 ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X)
                        mod (X² - ζ^(2·BitRev₇(i) + 1))
 ```

 This function almost implements <strong>Algorithm 10</strong> of the
 NIST FIPS 203 standard, which is reproduced below:

 ```plaintext
 Input: Two arrays fˆ ∈ ℤq²⁵⁶ and ĝ ∈ ℤq²⁵⁶.
 Output: An array ĥ ∈ ℤq²⁵⁶.

 for(i ← 0; i < 128; i++)
     (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1],
                                          ζ^(2·BitRev₇(i) + 1))
 end for
 return ĥ
 ```
 We say "almost" because the coefficients of the ring element output by
 this function are in the Montgomery domain.

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.
*/
7610 /**
7611 A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply
7612 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7613 with const generics
7614
7615 */
/**
 Multiply two ring elements vector by vector and return the product as a new
 ring element; neither input is modified here.

 Vector v uses the four zetas at indices 64 + 4 * v through 64 + 4 * v + 3.
 The zeta indices depend only on the loop counter, not on coefficient values.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ntt_multiply_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
      libcrux_ml_kem_polynomial_ZERO_ea();
  for (size_t vec = (size_t)0U;
       vec < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; vec++) {
    const size_t zeta_base = (size_t)64U + (size_t)4U * vec;
    product.coefficients[vec] = libcrux_ml_kem_vector_portable_ntt_multiply_b8(
        &myself->coefficients[vec], &rhs->coefficients[vec],
        libcrux_ml_kem_polynomial_zeta(zeta_base),
        libcrux_ml_kem_polynomial_zeta(zeta_base + (size_t)1U),
        libcrux_ml_kem_polynomial_zeta(zeta_base + (size_t)2U),
        libcrux_ml_kem_polynomial_zeta(zeta_base + (size_t)3U));
  }
  return product;
}
7639
7640 /**
7641 This function found in impl
7642 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
7643 TraitClause@1]}
7644 */
7645 /**
7646 A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6
7647 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7648 with const generics
7649
7650 */
/**
 Method-style wrapper: returns the NTT-domain product of `self` and `rhs` by
 delegating to ntt_multiply.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
      libcrux_ml_kem_polynomial_ntt_multiply_ea(self, rhs);
  return product;
}
7657
7658 /**
7659 Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise
7660 sum of their constituent coefficients.
7661 */
7662 /**
7663 A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element
7664 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7665 with const generics
7666 - K= 3
7667 */
/**
 Add `rhs` to `myself` vector by vector, in place, using add_b8. The vector
 count is taken from a 16-element slice over `myself->coefficients`. No
 reduction is applied here.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  const size_t vector_count = Eurydice_slice_len(
      Eurydice_array_to_slice(
          (size_t)16U, myself->coefficients,
          libcrux_ml_kem_vector_portable_vector_type_PortableVector),
      libcrux_ml_kem_vector_portable_vector_type_PortableVector);
  for (size_t vec = (size_t)0U; vec < vector_count; vec++) {
    myself->coefficients[vec] = libcrux_ml_kem_vector_portable_add_b8(
        myself->coefficients[vec], &rhs->coefficients[vec]);
  }
}
7685
7686 /**
7687 This function found in impl
7688 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
7689 TraitClause@1]}
7690 */
7691 /**
7692 A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6
7693 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7694 with const generics
7695 - K= 3
7696 */
/**
 Method-style wrapper: adds `rhs` into `self` in place by delegating to
 add_to_ring_element.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *accumulator = self;
  libcrux_ml_kem_polynomial_add_to_ring_element_1b(accumulator, rhs);
}
7702
7703 /**
7704 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1
7705 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7706 with const generics
7707
7708 */
/**
 Apply inverse-NTT layer 1 to `re` in place. Each of the 16 vectors consumes
 four zetas in descending index order, so *zeta_i drops by four per vector.

 The counter is unsigned and is decremented before use; the caller must start
 it high enough that it never wraps below zero.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  for (size_t vec = (size_t)0U; vec < (size_t)16U; vec++) {
    *zeta_i = *zeta_i - (size_t)1U;
    const size_t z = *zeta_i;
    re->coefficients[vec] =
        libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8(
            re->coefficients[vec], libcrux_ml_kem_polynomial_zeta(z),
            libcrux_ml_kem_polynomial_zeta(z - (size_t)1U),
            libcrux_ml_kem_polynomial_zeta(z - (size_t)2U),
            libcrux_ml_kem_polynomial_zeta(z - (size_t)3U));
    /* Account for the three further zetas used above. */
    *zeta_i = z - (size_t)3U;
  }
}
7723
7724 /**
7725 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2
7726 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7727 with const generics
7728
7729 */
/**
 Apply inverse-NTT layer 2 to `re` in place. Each of the 16 vectors consumes
 two zetas in descending index order, so *zeta_i drops by two per vector.

 The counter is unsigned and is decremented before use; the caller must start
 it high enough that it never wraps below zero.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  for (size_t vec = (size_t)0U; vec < (size_t)16U; vec++) {
    *zeta_i = *zeta_i - (size_t)1U;
    const size_t z = *zeta_i;
    re->coefficients[vec] =
        libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8(
            re->coefficients[vec], libcrux_ml_kem_polynomial_zeta(z),
            libcrux_ml_kem_polynomial_zeta(z - (size_t)1U));
    /* Account for the second zeta used above. */
    *zeta_i = z - (size_t)1U;
  }
}
7742
7743 /**
7744 A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3
7745 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
7746 with const generics
7747
7748 */
/**
 Apply inverse-NTT layer 3 to `re` in place: for each of the 16 vectors,
 decrement *zeta_i by one and run inv_ntt_layer_3_step with that zeta.

 The counter is unsigned and is decremented before use; the caller must start
 it high enough that it never wraps below zero.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  for (size_t vec = (size_t)0U; vec < (size_t)16U; vec++) {
    *zeta_i = *zeta_i - (size_t)1U;
    re->coefficients[vec] =
        libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8(
            re->coefficients[vec], libcrux_ml_kem_polynomial_zeta(*zeta_i));
  }
}
7761
/**
 One inverse-NTT butterfly on a pair of vectors.

 Returns a pair whose `.fst` is the Barrett-reduced result of
 `add_b8(a, &b)` and whose `.snd` is `sub_b8(b, &a)` multiplied by `zeta_r`
 through the Montgomery constant multiplication. Both inputs are taken by
 value, so the caller's vectors are not modified.

A monomorphic instance of
libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
static KRML_MUSTINLINE
    libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
    libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea(
        libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
        libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
        int16_t zeta_r) {
  /* Operand order is (b, &a), as in the generated code.
     NOTE(review): which operand is subtracted from which is decided by
     sub_b8, which is not visible here -- confirm before renaming. */
  libcrux_ml_kem_vector_portable_vector_type_PortableVector difference =
      libcrux_ml_kem_vector_portable_sub_b8(b, &a);
  libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 pair;
  pair.fst = libcrux_ml_kem_vector_portable_barrett_reduce_b8(
      libcrux_ml_kem_vector_portable_add_b8(a, &b));
  pair.snd = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
      difference, zeta_r);
  return pair;
}
7784
/**
 Inverse-NTT for one of the upper layers, applied in place to `re`.

 With step = 1 << layer, the polynomial is processed in 128 >> layer groups.
 Each group consumes one zeta-table index (`*zeta_i` is decremented at the
 start of the group) and pairs every vector in its lower half with the vector
 `step_vec` positions above it.

 The only caller in this part of the file passes layer = 4, 5, 6 and 7. The
 shift amounts are not validated here, so other values are the caller's
 responsibility (a shift by the width of size_t or more would be undefined).

A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE void
libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(
    size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re,
    size_t layer) {
  const size_t step = (size_t)1U << (uint32_t)layer;
  const size_t groups = (size_t)128U >> (uint32_t)layer;
  /* Distance, in vectors, between the two halves of a butterfly. */
  const size_t step_vec =
      step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
  for (size_t group = 0U; group < groups; group++) {
    *zeta_i -= 1U;
    const size_t first =
        (group * step * 2U) /
        LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR;
    const size_t end = first + step_vec;
    for (size_t lo = first; lo < end; lo++) {
      const size_t hi = lo + step_vec;
      libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 pair =
          libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea(
              re->coefficients[lo], re->coefficients[hi],
              libcrux_ml_kem_polynomial_zeta(*zeta_i));
      re->coefficients[lo] = pair.fst;
      re->coefficients[hi] = pair.snd;
    }
  }
}
7817
/**
 Full inverse NTT of `re`, in place.

 The zeta counter starts at COEFFICIENTS_IN_RING_ELEMENT / 2 and is threaded
 through layers 1, 2 and 3, then through the generic routine for layers 4 to
 7; each layer decrements it. The polynomial is Barrett-reduced once at the
 end.

A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  size_t zeta_i =
      LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea(&zeta_i, re);
  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(&zeta_i, re);
  libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea(&zeta_i, re);
  /* Layers 4..7 share one implementation parameterised by the layer number. */
  for (size_t layer = 4U; layer <= 7U; layer++) {
    libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re,
                                                            layer);
  }
  libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re);
}
7841
/**
 Per-vector subtract-and-reduce of two ring elements.

 For every coefficient vector, `b` is first multiplied by the constant 1441
 through the Montgomery constant multiplication, the result is passed as the
 second operand of `sub_b8` with the matching vector of `myself` as the first,
 and the difference is Barrett-reduced. `b` is received by value; the updated
 copy is returned and `myself` is only read.

 NOTE(review): 1441 is presumably the Montgomery-domain scaling factor that
 undoes the inverse NTT's scaling -- confirm against the upstream Rust source.

A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_subtract_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
  for (size_t k = 0U; k < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
       k++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector scaled =
        libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
            b.coefficients[k], (int16_t)1441);
    b.coefficients[k] = libcrux_ml_kem_vector_portable_barrett_reduce_b8(
        libcrux_ml_kem_vector_portable_sub_b8(myself->coefficients[k],
                                              &scaled));
  }
  return b;
}
7868
/**
 Method-style entry point for subtract_reduce: forwards `self` and `b`
 unchanged to libcrux_ml_kem_polynomial_subtract_reduce_ea and returns its
 result.

This function found in impl
{libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_subtract_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d reduced =
      libcrux_ml_kem_polynomial_subtract_reduce_ea(self, b);
  return reduced;
}
7886
/**
 The following functions compute various expressions involving
 vectors and matrices. The computation of these expressions has been
 abstracted away into these functions in order to save on loop iterations.

 Compute v − InverseNTT(sᵀ ◦ NTT(u))

 The three products secret_as_ntt[i] * u_as_ntt[i] are accumulated into one
 ring element, the accumulator is taken through the inverse NTT, and the
 result is handed to subtract_reduce together with `v`. Both array arguments
 must provide three elements. The accumulator and the per-row product are
 derived from the secret key and are ordinary stack locals that are not
 cleared before returning.
*/
/**
A monomorphic instance of libcrux_ml_kem.matrix.compute_message
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_matrix_compute_message_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d acc =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t row = 0U; row < 3U; row++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d term =
        libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(secret_as_ntt + row,
                                                     u_as_ntt + row);
    libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&acc, &term);
  }
  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&acc);
  return libcrux_ml_kem_polynomial_subtract_reduce_d6_ea(v, acc);
}
7916
/**
 Forwards `a` to libcrux_ml_kem_vector_portable_to_unsigned_representative_b8
 and returns the vector it produces.

A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector unsigned_repr =
      libcrux_ml_kem_vector_portable_to_unsigned_representative_b8(a);
  return unsigned_repr;
}
7928
/**
 Encode a ring element as a 32-byte message.

 Each of the 16 coefficient vectors is mapped to its unsigned representative,
 compressed with compress_1 and serialized with serialize_1 into two bytes,
 which land at offset 2*i of the output. All 32 bytes of `ret` are written.

 In the decryption path the input is the recovered plaintext polynomial, so
 `serialized` and `bytes` hold secret data; they are plain stack locals and
 are not cleared here.

A monomorphic instance of
libcrux_ml_kem.serialize.compress_then_serialize_message with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_message_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) {
  uint8_t serialized[32U] = {0U};
  for (size_t vec = 0U; vec < 16U; vec++) {
    const size_t start = 2U * vec;
    uint8_t bytes[2U];
    libcrux_ml_kem_vector_portable_serialize_1_b8(
        libcrux_ml_kem_vector_portable_compress_1_b8(
            libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
                re.coefficients[vec])),
        bytes);
    Eurydice_slice_copy(
        Eurydice_array_to_subslice3(serialized, start, start + 2U, uint8_t *),
        Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);
  }
  memcpy(ret, serialized, sizeof serialized);
}
7957
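/**
 This function implements Algorithm 14 of the NIST FIPS 203 specification;
 this is the Kyber CPA-PKE decryption algorithm.

 The algorithm number follows the initial public draft (ipd) linked below.
 NOTE(review): the final FIPS 203 text may number its algorithms differently;
 confirm the number before citing it against the final standard.

 Algorithm 14 is reproduced below:

 ```plaintext
 Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
 Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
 Output: message m ∈ 𝔹^{32}.

 c₁ ← c[0 : 32dᵤk]
 c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
 u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
 v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
 ŝ ← ByteDecode₁₂(dkₚₖₑ)
 w ← v - NTT⁻¹(ŝᵀ ◦ NTT(u))
 m ← ByteEncode₁(Compress₁(w))
 return m
 ```

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.

 `ciphertext` carries no length: this instance treats it as 1088 bytes and
 reads the `v` part from offset 960 onwards, so the caller must have checked
 the size. The 32-byte message is written straight into `ret`; the callee
 overwrites all 32 bytes, so no intermediate copy of the plaintext is kept in
 this frame. `v` and `message` are still secret-dependent stack locals that
 are not cleared before returning.
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- VECTOR_U_ENCODED_SIZE= 960
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
    uint8_t *ciphertext, uint8_t ret[32U]) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U];
  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v =
      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89(
          Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                          (size_t)960U, uint8_t, size_t,
                                          uint8_t[]));
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d message =
      libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt,
                                               u_as_ntt);
  /* Serialize directly into the caller's buffer instead of bouncing the
     plaintext through a second 32-byte stack array. */
  libcrux_ml_kem_serialize_compress_then_serialize_message_ea(message, ret);
}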
8009
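/**
 CPA decryption from a serialized secret key.

 The unpacked key's `secret_as_ntt` entries are first initialised element by
 element from libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42, then filled by
 libcrux_ml_kem_ind_cpa_deserialize_vector_1b from `secret_key`, and the
 result is passed to the unpacked decryption routine, which writes the
 32-byte message into `ret`.

 Both the initial elements and the message are written to their final
 location directly, so this frame holds no extra copy of either.
 `secret_key_unpacked` contains the decoded secret key and is an ordinary
 stack local that is not cleared before returning.
 NOTE(review): whether that residue needs wiping depends on the caller's
 policy for secret material -- confirm at the call site.

A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
- VECTOR_U_ENCODED_SIZE= 960
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_42(
    Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
      secret_key_unpacked;
  for (size_t i = 0U; i < 3U; i++) {
    /* original Rust expression is not an lvalue in C */
    void *lvalue = (void *)0U;
    secret_key_unpacked.secret_as_ntt[i] =
        libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(&lvalue, i);
  }
  libcrux_ml_kem_ind_cpa_deserialize_vector_1b(
      secret_key, secret_key_unpacked.secret_as_ntt);
  libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(&secret_key_unpacked, ciphertext,
                                             ret);
}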
8040
/**
 Trait-method entry point for the hash G: forwards `input` and the 64-byte
 output buffer `ret` unchanged to libcrux_ml_kem_hash_functions_portable_G.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_4a
with const generics
- K= 3
*/
static inline void libcrux_ml_kem_hash_functions_portable_G_4a_e0(
    Eurydice_slice input, uint8_t ret[64U]) {
  uint8_t *const digest_out = ret;
  libcrux_ml_kem_hash_functions_portable_G(input, digest_out);
}
8054
/**
 PRF with a 32-byte output: runs libcrux_sha3_portable_shake256 over `input`
 into a zero-initialised 32-byte local buffer and copies that buffer to `ret`.

 The local `digest` keeps a copy of the output on the stack after the call;
 it is not cleared here.

A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
with const generics
- LEN= 32
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_9e(
    Eurydice_slice input, uint8_t ret[32U]) {
  uint8_t digest[32U] = {0U};
  Eurydice_slice digest_slice =
      Eurydice_array_to_slice((size_t)32U, digest, uint8_t);
  libcrux_sha3_portable_shake256(digest_slice, input);
  memcpy(ret, digest, sizeof digest);
}
8067
/**
 Trait-method entry point for the 32-byte PRF: forwards `input` and `ret`
 unchanged to libcrux_ml_kem_hash_functions_portable_PRF_9e.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_4a
with const generics
- K= 3
- LEN= 32
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_41(
    Eurydice_slice input, uint8_t ret[32U]) {
  uint8_t *const prf_out = ret;
  libcrux_ml_kem_hash_functions_portable_PRF_9e(input, prf_out);
}
8082
/**
 Unpacked CPA public key for K = 3: a vector of three ring elements, a
 32-byte seed and a 3x3 matrix of ring elements.

A monomorphic instance of
libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- $3size_t
*/
typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s {
  /* Three ring elements; the name suggests they are kept in NTT form. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U];
  /* 32-byte seed; presumably the one the matrix A is expanded from. */
  uint8_t seed_for_A[32U];
  /* 3x3 matrix of ring elements. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U];
} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0;
8094
/**
 Default value of the unpacked public key: every ring element of `t_as_ntt`
 and of the 3x3 matrix `A` is set to libcrux_ml_kem_polynomial_ZERO_d6_ea()
 and the 32-byte seed is all zero. Every member of the returned struct is
 assigned before it is returned.

This function found in impl {core::default::Default for
libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}
*/
/**
A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8b
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(void) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit;
  for (size_t i = 0U; i < 3U; i++) {
    lit.t_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_ea();
  }
  memset(lit.seed_for_A, 0, sizeof lit.seed_for_A);
  for (size_t row = 0U; row < 3U; row++) {
    for (size_t col = 0U; col < 3U; col++) {
      lit.A[row][col] = libcrux_ml_kem_polynomial_ZERO_d6_ea();
    }
  }
  return lit;
}
8133
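/**
 Only use with public values.

 This MUST NOT be used with secret inputs, like its caller
 `deserialize_ring_elements_reduced`.

 Decodes `serialized` 24 bytes at a time: each chunk is deserialized with
 deserialize_12 and passed through cond_subtract_3329 before being stored as
 one coefficient vector. Trailing bytes that do not fill a 24-byte chunk are
 not read.

 The number of chunks is derived from the slice length, which comes from the
 encoded key. It is capped at the number of vectors the ring element holds,
 so a slice longer than one encoded element cannot index past
 `re.coefficients`; the excess input is ignored.
*/
/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea(
    Eurydice_slice serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d re =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  const size_t capacity = sizeof re.coefficients / sizeof re.coefficients[0];
  size_t chunks = Eurydice_slice_len(serialized, uint8_t) / (size_t)24U;
  if (chunks > capacity) {
    /* Never let an input length choose an index outside the array. */
    chunks = capacity;
  }
  for (size_t i = 0U; i < chunks; i++) {
    Eurydice_slice bytes =
        Eurydice_slice_subslice3(serialized, i * (size_t)24U,
                                 i * (size_t)24U + (size_t)24U, uint8_t *);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
        libcrux_ml_kem_vector_portable_deserialize_12_b8(bytes);
    re.coefficients[i] =
        libcrux_ml_kem_vector_portable_cond_subtract_3329_b8(coefficient);
  }
  return re;
}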
8165
/**
 See [deserialize_ring_elements_reduced_out].

 Splits `public_key` into consecutive pieces of
 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT bytes and stores the reduced
 ring element decoded from piece i in `deserialized_pk[i]`. Trailing bytes
 that do not fill a whole piece are not read.

 NOTE(review): the number of elements written is taken from the slice length
 alone; the size of `deserialized_pk` is not known here. This instance is for
 K = 3, so callers presumably pass three pieces' worth of bytes and a
 three-element array -- confirm at the call sites.
*/
/**
A monomorphic instance of
libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
    Eurydice_slice public_key,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) {
  const size_t count = Eurydice_slice_len(public_key, uint8_t) /
                       LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
  for (size_t k = 0U; k < count; k++) {
    const size_t start = k * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
    Eurydice_slice ring_element = Eurydice_slice_subslice3(
        public_key, start,
        start + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t *);
    deserialized_pk[k] =
        libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea(
            ring_element);
  }
}
8195
/**
 Hash state for K = 3: three independent Keccak states, one per SHAKE128
 stream.

A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash
with const generics
- $3size_t
*/
typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_88_s {
  /* One Keccak state per stream; indexed 0..2 by the functions below. */
  libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U];
} libcrux_ml_kem_hash_functions_portable_PortableHash_88;
8204
/**
 Creates three SHAKE128 states and absorbs one 34-byte input into each:
 state i is initialised with libcrux_sha3_portable_incremental_shake128_init
 and then given `input[i]` through the absorb_final call. `input` must point
 at three 34-byte arrays. The three states are returned by value.

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const
generics
- K= 3
*/
static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0(
    uint8_t (*input)[34U]) {
  libcrux_ml_kem_hash_functions_portable_PortableHash_88 shake128_state;
  for (size_t k = 0U; k < 3U; k++) {
    shake128_state.shake128_state[k] =
        libcrux_sha3_portable_incremental_shake128_init();
  }
  for (size_t k = 0U; k < 3U; k++) {
    libcrux_sha3_portable_incremental_shake128_absorb_final(
        &shake128_state.shake128_state[k],
        Eurydice_array_to_slice((size_t)34U, input[k], uint8_t));
  }
  return shake128_state;
}
8229
/**
 Trait-method entry point: forwards `input` unchanged to
 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0 and
 returns the state it builds.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_4a with const
generics
- K= 3
*/
static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88
libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0(
    uint8_t (*input)[34U]) {
  libcrux_ml_kem_hash_functions_portable_PortableHash_88 state =
      libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0(
          input);
  return state;
}
8246
/**
 Squeezes 504 bytes from each of the three SHAKE128 states in `st` into a
 zero-initialised local buffer, then copies all 3 x 504 bytes to `ret`.
 The states in `st` are advanced by the squeeze calls.

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with
const generics
- K= 3
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st,
    uint8_t ret[3U][504U]) {
  uint8_t out[3U][504U] = {{0U}};
  for (size_t k = 0U; k < 3U; k++) {
    Eurydice_slice block =
        Eurydice_array_to_slice((size_t)504U, out[k], uint8_t);
    libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
        &st->shake128_state[k], block);
  }
  memcpy(ret, out, sizeof out);
}
8266
/**
 Trait-method entry point: forwards `self` and `ret` unchanged to
 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_4a
with const generics
- K= 3
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self,
    uint8_t ret[3U][504U]) {
  libcrux_ml_kem_hash_functions_portable_PortableHash_88 *const state = self;
  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0(
      state, ret);
}
8284
/**
 If `bytes` contains a set of uniformly random bytes, this function
 uniformly samples a ring element `â` that is treated as being the NTT
 representation of the corresponding polynomial `a`.

 Since rejection sampling is used, it is possible the supplied bytes are
 not enough to sample the element. This C instance reports that through its
 return value: it returns `true` once all three counters in
 `sampled_coefficients` have reached COEFFICIENTS_IN_RING_ELEMENT and `false`
 otherwise, in which case the caller must try again with a fresh set of bytes.

 This function partially implements Algorithm 6 of the NIST FIPS 203
 standard. We say "partially" because this implementation only accepts a
 finite set of bytes as input and reports when the set is not enough;
 Algorithm 6 of the FIPS 203 standard on the other hand samples from an
 infinite stream of bytes until the ring element is filled.
 The algorithm number follows the initial public draft (ipd) linked below.
 NOTE(review): the final FIPS 203 text may number it differently -- confirm
 before citing.
 Algorithm 6 is reproduced below:

 ```plaintext
 Input: byte stream B ∈ 𝔹*.
 Output: array â ∈ ℤ₂₅₆.

 i ← 0
 j ← 0
 while j < 256 do
     d₁ ← B[i] + 256·(B[i+1] mod 16)
     d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
     if d₁ < q then
         â[j] ← d₁
         j ← j + 1
     end if
     if d₂ < q and j < 256 then
         â[j] ← d₂
         j ← j + 1
     end if
     i ← i + 3
 end while
 return â
 ```

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.

 Bounds: a 16-entry output window starting at `sampled_coefficients[k]` is
 handed to the rejection sampler only while that counter is below
 COEFFICIENTS_IN_RING_ELEMENT, which is why each `out[k]` row has 272 entries
 rather than exactly one ring element's worth. Counters that overshoot are
 clamped back to COEFFICIENTS_IN_RING_ELEMENT before returning.
*/
/**
A monomorphic instance of
libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- N= 504
*/
static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
    uint8_t (*randomness)[504U], size_t *sampled_coefficients,
    int16_t (*out)[272U]) {
  for (size_t k = 0U; k < 3U; k++) {
    for (size_t chunk = 0U; chunk < (size_t)504U / (size_t)24U; chunk++) {
      if (sampled_coefficients[k] >=
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
        /* This element is already full; leave the remaining bytes unused. */
        continue;
      }
      const size_t from = chunk * (size_t)24U;
      size_t accepted = libcrux_ml_kem_vector_portable_rej_sample_b8(
          Eurydice_array_to_subslice3(randomness[k], from, from + (size_t)24U,
                                      uint8_t *),
          Eurydice_array_to_subslice3(out[k], sampled_coefficients[k],
                                      sampled_coefficients[k] + (size_t)16U,
                                      int16_t *));
      sampled_coefficients[k] += accepted;
    }
  }
  bool done = true;
  for (size_t k = 0U; k < 3U; k++) {
    if (sampled_coefficients[k] <
        LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
      done = false;
    } else {
      sampled_coefficients[k] =
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
    }
  }
  return done;
}
8368
/**
 Squeezes one further 168-byte block from each of the three SHAKE128 states
 in `st` into a zero-initialised local buffer, then copies all 3 x 168 bytes
 to `ret`. The states in `st` are advanced by the squeeze calls.

A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const
generics
- K= 3
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st,
    uint8_t ret[3U][168U]) {
  uint8_t out[3U][168U] = {{0U}};
  for (size_t k = 0U; k < 3U; k++) {
    Eurydice_slice block =
        Eurydice_array_to_slice((size_t)168U, out[k], uint8_t);
    libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
        &st->shake128_state[k], block);
  }
  memcpy(ret, out, sizeof out);
}
8388
/**
 Trait-method entry point: forwards `self` and `ret` unchanged to
 libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0.

This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
*/
/**
A monomorphic instance of
libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_4a with const
generics
- K= 3
*/
static inline void
libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0(
    libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self,
    uint8_t ret[3U][168U]) {
  libcrux_ml_kem_hash_functions_portable_PortableHash_88 *const state = self;
  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(state,
                                                                        ret);
}
8406
/**
 If `bytes` contains a set of uniformly random bytes, this function
 uniformly samples a ring element `â` that is treated as being the NTT
 representation of the corresponding polynomial `a`.

 Since rejection sampling is used, it is possible the supplied bytes are
 not enough to sample the element. This C instance reports that through its
 return value: it returns `true` once all three counters in
 `sampled_coefficients` have reached COEFFICIENTS_IN_RING_ELEMENT and `false`
 otherwise, in which case the caller must try again with a fresh set of bytes.

 This function partially implements Algorithm 6 of the NIST FIPS 203
 standard. We say "partially" because this implementation only accepts a
 finite set of bytes as input and reports when the set is not enough;
 Algorithm 6 of the FIPS 203 standard on the other hand samples from an
 infinite stream of bytes until the ring element is filled.
 The algorithm number follows the initial public draft (ipd) linked below.
 NOTE(review): the final FIPS 203 text may number it differently -- confirm
 before citing.
 Algorithm 6 is reproduced below:

 ```plaintext
 Input: byte stream B ∈ 𝔹*.
 Output: array â ∈ ℤ₂₅₆.

 i ← 0
 j ← 0
 while j < 256 do
     d₁ ← B[i] + 256·(B[i+1] mod 16)
     d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
     if d₁ < q then
         â[j] ← d₁
         j ← j + 1
     end if
     if d₂ < q and j < 256 then
         â[j] ← d₂
         j ← j + 1
     end if
     i ← i + 3
 end while
 return â
 ```

 The NIST FIPS 203 standard can be found at
 <https://csrc.nist.gov/pubs/fips/203/ipd>.

 This is the variant for a single 168-byte block per stream. Bounds: a
 16-entry output window starting at `sampled_coefficients[k]` is handed to
 the rejection sampler only while that counter is below
 COEFFICIENTS_IN_RING_ELEMENT, which is why each `out[k]` row has 272 entries
 rather than exactly one ring element's worth. Counters that overshoot are
 clamped back to COEFFICIENTS_IN_RING_ELEMENT before returning.
*/
/**
A monomorphic instance of
libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- N= 168
*/
static KRML_MUSTINLINE bool
libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
    uint8_t (*randomness)[168U], size_t *sampled_coefficients,
    int16_t (*out)[272U]) {
  for (size_t k = 0U; k < 3U; k++) {
    for (size_t chunk = 0U; chunk < (size_t)168U / (size_t)24U; chunk++) {
      if (sampled_coefficients[k] >=
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
        /* This element is already full; leave the remaining bytes unused. */
        continue;
      }
      const size_t from = chunk * (size_t)24U;
      size_t accepted = libcrux_ml_kem_vector_portable_rej_sample_b8(
          Eurydice_array_to_subslice3(randomness[k], from, from + (size_t)24U,
                                      uint8_t *),
          Eurydice_array_to_subslice3(out[k], sampled_coefficients[k],
                                      sampled_coefficients[k] + (size_t)16U,
                                      int16_t *));
      sampled_coefficients[k] += accepted;
    }
  }
  bool done = true;
  for (size_t k = 0U; k < 3U; k++) {
    if (sampled_coefficients[k] <
        LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
      done = false;
    } else {
      sampled_coefficients[k] =
          LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
    }
  }
  return done;
}
8490
/**
 Builds a ring element from a slice of int16_t values: vector i is loaded
 from entries [16*i, 16*(i+1)) of `a`, for every vector of the ring element.
 The slice must therefore hold at least 16 entries per vector; no length
 check is made in this function.

A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics

*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_from_i16_array_ea(Eurydice_slice a) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d result =
      libcrux_ml_kem_polynomial_ZERO_ea();
  for (size_t vec = 0U;
       vec < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; vec++) {
    Eurydice_slice lane = Eurydice_slice_subslice3(
        a, vec * (size_t)16U, (vec + (size_t)1U) * (size_t)16U, int16_t *);
    result.coefficients[vec] =
        libcrux_ml_kem_vector_portable_from_i16_array_b8(lane);
  }
  return result;
}
8513
8514 /**
8515 This function found in impl
8516 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
8517 TraitClause@1]}
8518 */
8519 /**
8520 A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6
8521 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8522 with const generics
8523
8524 */
/**
Method-style entry point; forwards unchanged to
libcrux_ml_kem_polynomial_from_i16_array_ea.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_from_i16_array_d6_ea(Eurydice_slice a) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d poly =
      libcrux_ml_kem_polynomial_from_i16_array_ea(a);
  return poly;
}
8529
8530 /**
8531 This function found in impl {core::ops::function::FnMut<(@Array<i16, 272usize>),
8532 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
8533 TraitClause@2]> for libcrux_ml_kem::sampling::sample_from_xof::closure<Vector,
8534 Hasher, K>[TraitClause@0, TraitClause@1, TraitClause@2, TraitClause@3]}
8535 */
8536 /**
8537 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.call_mut_e7
8538 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8539 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8540 generics
8541 - K= 3
8542 */
/**
Closure body used by sample_from_xof: turns one 272-element sample row into a
ring element, using only its first 256 values (the tail is the slack that the
rejection sampler may have written into).

`_` is the closure environment and is not read.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b(
    void **_, int16_t tupled_args[272U]) {
  (void)_;
  /* Local copy mirrors the by-value array argument of the Rust source. */
  int16_t samples[272U];
  memcpy(samples, tupled_args, sizeof samples);
  return libcrux_ml_kem_polynomial_from_i16_array_d6_ea(
      Eurydice_array_to_subslice3(samples, (size_t)0U, (size_t)256U,
                                  int16_t *));
}
8551
8552 /**
8553 A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof
8554 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8555 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8556 generics
8557 - K= 3
8558 */
/**
Samples three ring elements from SHAKE128 output, one per 34-byte seed.

The XOF state absorbs `seeds`, three blocks (504 bytes per row) are squeezed
and rejection-sampled, and further 168-byte blocks are squeezed one at a time
until every row is full. The loop has no iteration cap: how many extra blocks
are needed depends on the XOF output. The only caller in this part of the file
(sample_matrix_A) passes seeds built from the public-key seed.

The three results are written to `ret`.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b(
    uint8_t (*seeds)[34U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  size_t sampled_coefficients[3U] = {0U};
  int16_t out[3U][272U] = {{0U}};
  libcrux_ml_kem_hash_functions_portable_PortableHash_88 xof_state =
      libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0(
          seeds);

  uint8_t first_blocks[3U][504U];
  libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0(
      &xof_state, first_blocks);
  bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89(
      first_blocks, sampled_coefficients, out);

  /* Keep squeezing single blocks until all three rows are complete. */
  while (!done) {
    uint8_t next_block[3U][168U];
    libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0(
        &xof_state, next_block);
    done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890(
        next_block, sampled_coefficients, out);
  }

  /* The Rust source passes the array by value, hence the copy. */
  int16_t out_copy[3U][272U];
  memcpy(out_copy, out, sizeof out);

  libcrux_ml_kem_polynomial_PolynomialRingElement_1d elements[3U];
  for (size_t row = 0U; row < (size_t)3U; row++) {
    /* Placeholder closure environment; the closure does not read it. */
    void *env = (void *)0U;
    elements[row] = libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b(
        &env, out_copy[row]);
  }
  memcpy(ret, elements, sizeof elements);
}
8597
8598 /**
8599 A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A
8600 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8601 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8602 generics
8603 - K= 3
8604 */
/**
Fills the 3x3 matrix from a 34-byte seed buffer.

For outer index i and inner index j, a private copy of `seed` gets byte 32 set
to i and byte 33 set to j; the three copies for a given i are expanded together
by sample_from_xof. `seed` itself is never modified.

`transpose` picks the storage position of sample (i, j): [j][i] when true,
[i][j] when false.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[3U],
    uint8_t *seed, bool transpose) {
  for (size_t outer = 0U; outer < (size_t)3U; outer++) {
    uint8_t seeds[3U][34U];
    for (size_t inner = 0U; inner < (size_t)3U; inner++) {
      core_array__core__clone__Clone_for__Array_T__N___clone(
          (size_t)34U, seed, seeds[inner], uint8_t, void *);
      /* The two trailing bytes make each XOF input unique per matrix cell. */
      seeds[inner][32U] = (uint8_t)outer;
      seeds[inner][33U] = (uint8_t)inner;
    }

    libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[3U];
    libcrux_ml_kem_sampling_sample_from_xof_2b(seeds, sampled);

    for (size_t inner = 0U;
         inner < Eurydice_slice_len(
                     Eurydice_array_to_slice(
                         (size_t)3U, sampled,
                         libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
         inner++) {
      if (transpose) {
        A_transpose[inner][outer] = sampled[inner];
      } else {
        A_transpose[outer][inner] = sampled[inner];
      }
    }
  }
}
8639
8640 /**
8641 A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut
8642 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8643 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8644 generics
8645 - K= 3
8646 - T_AS_NTT_ENCODED_SIZE= 1152
8647 */
/**
Decodes a serialized public key into `unpacked_public_key`.

Bytes [0, 1152) are deserialized into `t_as_ntt`; everything from offset 1152
on is treated as the matrix seed, padded into a 34-byte buffer and expanded
into `A` (non-transposed layout).

The split at offset 1152 is unconditional: this function does not check the
length of `public_key`, and whether the Eurydice subslice helpers do is not
visible here. Length validation of the peer-supplied key therefore has to
happen before this call -- TODO confirm where the caller enforces it.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
    Eurydice_slice public_key,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
        *unpacked_public_key) {
  Eurydice_slice encoded_t = Eurydice_slice_subslice_to(
      public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]);
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
      encoded_t, unpacked_public_key->t_as_ntt);

  Eurydice_slice seed = Eurydice_slice_subslice_from(
      public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]);
  uint8_t padded_seed[34U];
  libcrux_ml_kem_utils_into_padded_array_b6(seed, padded_seed);
  libcrux_ml_kem_matrix_sample_matrix_A_2b(unpacked_public_key->A, padded_seed,
                                           false);
}
8665
8666 /**
8667 A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key
8668 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8669 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8670 generics
8671 - K= 3
8672 - T_AS_NTT_ENCODED_SIZE= 1152
8673 */
/**
Returns a freshly default-initialised unpacked public key filled from
`public_key` by build_unpacked_public_key_mut. The same input-length
expectations as for that function apply.
*/
static KRML_MUSTINLINE
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
    libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(
        Eurydice_slice public_key) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked =
      libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b();
  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(public_key,
                                                          &unpacked);
  return unpacked;
}
8684
8685 /**
8686 A monomorphic instance of K.
8687 with types libcrux_ml_kem_polynomial_PolynomialRingElement
8688 libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t],
8689 libcrux_ml_kem_polynomial_PolynomialRingElement
8690 libcrux_ml_kem_vector_portable_vector_type_PortableVector
8691
8692 */
/* Pair of (vector of three ring elements, single ring element). */
struct tuple_ed_s {
  /* First component: three ring elements. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[3U];
  /* Second component: one ring element. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d snd;
};
typedef struct tuple_ed_s tuple_ed;
8697
8698 /**
8699 This function found in impl {core::ops::function::FnMut<(usize),
8700 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
8701 TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure<Vector, Hasher,
8702 K, C1_LEN, U_COMPRESSION_FACTOR, BLOCK_LEN, ETA1, ETA1_RANDOMNESS_SIZE, ETA2,
8703 ETA2_RANDOMNESS_SIZE>[TraitClause@0, TraitClause@1, TraitClause@2,
8704 TraitClause@3]}
8705 */
8706 /**
8707 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_f1
8708 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8709 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8710 generics
8711 - K= 3
8712 - C1_LEN= 960
8713 - U_COMPRESSION_FACTOR= 10
8714 - BLOCK_LEN= 320
8715 - ETA1= 2
8716 - ETA1_RANDOMNESS_SIZE= 128
8717 - ETA2= 2
8718 - ETA2_RANDOMNESS_SIZE= 128
8719 */
/**
Array-initialiser closure from encrypt_c1: yields a zero ring element for any
index. Neither argument is read.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(void **_, size_t tupled_args) {
  (void)_;
  (void)tupled_args;
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}
8724
8725 /**
8726 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN
8727 with const generics
8728 - K= 3
8729 - LEN= 128
8730 */
/**
Runs SHAKE256 three times: each 33-byte `input[i]` produces the 128-byte
`ret[i]`.

Output is staged in a local buffer and copied to `ret` at the end. The staging
buffer is not cleared before return; when the inputs are derived from secret
randomness, a copy of the PRF output stays on the stack until overwritten.
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_41(
    uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
  uint8_t staged[3U][128U] = {{0U}};
  for (size_t lane = 0U; lane < (size_t)3U; lane++) {
    libcrux_sha3_portable_shake256(
        Eurydice_array_to_slice((size_t)128U, staged[lane], uint8_t),
        Eurydice_array_to_slice((size_t)33U, input[lane], uint8_t));
  }
  memcpy(ret, staged, sizeof staged);
}
8742
8743 /**
8744 This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
8745 libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
8746 */
8747 /**
8748 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_4a
8749 with const generics
8750 - K= 3
8751 - LEN= 128
8752 */
/**
Hash-trait entry point for the three-way PRF; forwards unchanged to
libcrux_ml_kem_hash_functions_portable_PRFxN_41.
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(
    uint8_t (*input)[33U], uint8_t ret[3U][128U]) {
  libcrux_ml_kem_hash_functions_portable_PRFxN_41(input, ret);
  return;
}
8757
8758 /**
8759 Given a series of uniformly random bytes in `randomness`, for some number
8760 `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
8761 element from a binomial distribution centered at 0 that uses two sets of `eta`
coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA - 1, ETA}` and:
8764
8765 ```plaintext
8766 - If v < 0, Pr[v] = Pr[-v]
8767 - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
8768 ```
8769
8770 The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
8771
8772 The expected value is:
8773
8774 ```plaintext
8775 E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1]
8776 + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
8777 ```
8778
8779 And the variance is:
8780
8781 ```plaintext
8782 Var(X) = E[(X - E[X])^2]
8783 = E[X^2]
8784 = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
8785 2^(2 * ETA)) = ETA / 2
8786 ```
8787
8788 This function implements <strong>Algorithm 7</strong> of the NIST FIPS 203
8789 standard, which is reproduced below:
8790
8791 ```plaintext
Input: byte array B ∈ 𝔹^{64η}.
Output: array f ∈ ℤ_q^{256}.
8794
8795 b ← BytesToBits(B)
8796 for (i ← 0; i < 256; i++)
8797 x ← ∑(j=0 to η - 1) b[2iη + j]
8798 y ← ∑(j=0 to η - 1) b[2iη + η + j]
8799 f[i] ← x−y mod q
8800 end for
8801 return f
8802 ```
8803
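The NIST FIPS 203 standard can be found at
<https://csrc.nist.gov/pubs/fips/203/ipd> (this URL is the initial public draft;
the algorithm number cited above follows that draft and may differ in the final
publication).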
8806 */
8807 /**
8808 A monomorphic instance of
8809 libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
8810 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8811
8812 */
/**
Centered-binomial sampler for eta = 2: every 4 input bytes yield 8
coefficients, each the difference of two 2-bit coin-sum fields.

Precondition (not checked here): `randomness` holds at most 128 bytes. The
write index is 8 * chunk + k with chunk < len / 4, so a longer slice would
index past the 256-entry `sampled_i16s` array. Both callers in this part of
the file pass 128-byte PRF outputs.

Loop bounds and array indices depend only on the slice length, never on the
byte values; the values are processed with masks, shifts and additions only.
`sampled_i16s` is not cleared before return.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea(
    Eurydice_slice randomness) {
  int16_t sampled_i16s[256U] = {0U};
  for (size_t chunk_number = 0U;
       chunk_number < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U;
       chunk_number++) {
    Eurydice_slice byte_chunk = Eurydice_slice_subslice3(
        randomness, chunk_number * (size_t)4U,
        chunk_number * (size_t)4U + (size_t)4U, uint8_t *);

    /* Assemble the four bytes as a little-endian 32-bit word. */
    uint32_t byte0 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U,
                                                    uint8_t, uint8_t *);
    uint32_t byte1 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U,
                                                    uint8_t, uint8_t *);
    uint32_t byte2 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U,
                                                    uint8_t, uint8_t *);
    uint32_t byte3 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U,
                                                    uint8_t, uint8_t *);
    uint32_t random_bits_as_u32 =
        byte0 | (byte1 << 8U) | (byte2 << 16U) | (byte3 << 24U);

    /* Add each even bit to its odd neighbour: sixteen 2-bit sums in 0..2.
       0x55555555 is the decimal 1431655765 mask of the generated code. */
    uint32_t even_bits = random_bits_as_u32 & 0x55555555U;
    uint32_t odd_bits = (random_bits_as_u32 >> 1U) & 0x55555555U;
    uint32_t coin_toss_outcomes = even_bits + odd_bits;

    for (uint32_t k = 0U; k < 32U / 4U; k++) {
      uint32_t shift = k * 4U;
      int16_t outcome_1 = (int16_t)((coin_toss_outcomes >> shift) & 3U);
      int16_t outcome_2 =
          (int16_t)((coin_toss_outcomes >> (shift + 2U)) & 3U);
      /* Coefficient in -2..2; one coefficient per 4-bit group. */
      sampled_i16s[(size_t)8U * chunk_number + (size_t)k] =
          outcome_1 - outcome_2;
    }
  }
  return libcrux_ml_kem_polynomial_from_i16_array_d6_ea(
      Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t));
}
8852
8853 /**
8854 A monomorphic instance of
8855 libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
8856 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
8857 - ETA= 2
8858 */
/**
ETA = 2 instance of the generic sampler: forwards to
sample_from_binomial_distribution_2, whose input-length expectation applies
here as well.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
    Eurydice_slice randomness) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled =
      libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea(
          randomness);
  return sampled;
}
8865
8866 /**
8867 A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7
8868 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8869 with const generics
8870
8871 */
/**
First NTT layer, in place on `re`: pairs vector j with vector j + step, where
step is half of LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT.

For each pair, t = upper * (-1600); then upper = lower - t and
lower = lower + t. The constant is presumably the twiddle factor for this
layer -- TODO confirm against the zeta table. A plain (not Montgomery)
multiply is used here.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
  for (size_t lo = 0U; lo < step; lo++) {
    size_t hi = lo + step;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
        libcrux_ml_kem_vector_portable_multiply_by_constant_b8(
            re->coefficients[hi], (int16_t)-1600);
    /* The upper half is written first; the lower half is still unmodified
       when the sum is computed. */
    re->coefficients[hi] =
        libcrux_ml_kem_vector_portable_sub_b8(re->coefficients[lo], &t);
    re->coefficients[lo] =
        libcrux_ml_kem_vector_portable_add_b8(re->coefficients[lo], &t);
  }
}
8887
8888 /**
8889 A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element
8890 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
8891 with const generics
8892
8893 */
/**
Forward NTT, in place, for a ring element that came out of the binomial
sampler: layer 7 first, then layers 6 down to 1, then a Barrett reduction of
the whole element.

`zeta_i` starts at 1 and is passed by pointer to every layer after layer 7.
The last argument of each layer call starts at 11207 and grows by 3328 per
layer; it looks like a coefficient bound carried over from the source proofs
-- TODO confirm in the layer functions.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) {
  const size_t bound0 = (size_t)11207U;
  const size_t bound_step = (size_t)3328U;
  size_t zeta_i = (size_t)1U;

  libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re);
  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U, bound0);
  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U,
                                            bound0 + bound_step);
  libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)4U,
                                            bound0 + (size_t)2U * bound_step);
  libcrux_ml_kem_ntt_ntt_at_layer_3_ea(&zeta_i, re,
                                       bound0 + (size_t)3U * bound_step);
  libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re,
                                       bound0 + (size_t)4U * bound_step);
  libcrux_ml_kem_ntt_ntt_at_layer_1_ea(&zeta_i, re,
                                       bound0 + (size_t)5U * bound_step);
  libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re);
}
8913
8914 /**
8915 Sample a vector of ring elements from a centered binomial distribution and
8916 convert them into their NTT representations.
8917 */
8918 /**
8919 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt
8920 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8921 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8922 generics
8923 - K= 3
8924 - ETA= 2
8925 - ETA_RANDOMNESS_SIZE= 128
8926 */
/**
Samples three ring elements from the centered binomial distribution and
stores their NTT form in `re_as_ntt[0..3)`.

`prf_input` (33 bytes) is cloned three times; prf_input_inc receives the
clones together with `domain_separator` and returns the separator to use next
(presumably it stamps a distinct separator into each clone -- confirm in its
definition). Each clone is expanded to 128 bytes by the PRF and sampled.

Returns the updated domain separator, which the caller has to carry into the
next sampling call so that no PRF input is reused.

`prf_inputs` and `prf_outputs` are not cleared before return.
*/
static KRML_MUSTINLINE uint8_t
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt,
    uint8_t *prf_input, uint8_t domain_separator) {
  uint8_t prf_inputs[3U][33U];
  for (size_t lane = 0U; lane < (size_t)3U; lane++) {
    core_array__core__clone__Clone_for__Array_T__N___clone(
        (size_t)33U, prf_input, prf_inputs[lane], uint8_t, void *);
  }
  uint8_t next_separator =
      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);

  uint8_t prf_outputs[3U][128U];
  libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs);

  for (size_t lane = 0U; lane < (size_t)3U; lane++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *target =
        &re_as_ntt[lane];
    *target = libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
        Eurydice_array_to_slice((size_t)128U, prf_outputs[lane], uint8_t));
    libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea(target);
  }
  return next_separator;
}
8949
8950 /**
8951 This function found in impl {core::ops::function::FnMut<(usize),
8952 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
8953 TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure#1<Vector,
8954 Hasher, K, C1_LEN, U_COMPRESSION_FACTOR, BLOCK_LEN, ETA1, ETA1_RANDOMNESS_SIZE,
8955 ETA2, ETA2_RANDOMNESS_SIZE>[TraitClause@0, TraitClause@1, TraitClause@2,
8956 TraitClause@3]}
8957 */
8958 /**
8959 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_dd
8960 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8961 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8962 generics
8963 - K= 3
8964 - C1_LEN= 960
8965 - U_COMPRESSION_FACTOR= 10
8966 - BLOCK_LEN= 320
8967 - ETA1= 2
8968 - ETA1_RANDOMNESS_SIZE= 128
8969 - ETA2= 2
8970 - ETA2_RANDOMNESS_SIZE= 128
8971 */
/**
Second array-initialiser closure from encrypt_c1: yields a zero ring element
for any index. Neither argument is read.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(void **_, size_t tupled_args) {
  (void)_;
  (void)tupled_args;
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}
8976
8977 /**
8978 Sample a vector of ring elements from a centered binomial distribution.
8979 */
8980 /**
8981 A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd
8982 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
8983 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
8984 generics
8985 - K= 3
8986 - ETA2_RANDOMNESS_SIZE= 128
8987 - ETA2= 2
8988 */
/**
Samples three ring elements from the centered binomial distribution into
`error_1[0..3)`; unlike sample_vector_cbd_then_ntt, no NTT is applied.

`prf_input` (33 bytes) is cloned three times and passed through prf_input_inc
together with `domain_separator`; each clone is then expanded to 128 bytes by
the PRF and sampled.

Returns the updated domain separator for the caller to use in the next
sampling call. `prf_inputs` and `prf_outputs` are not cleared before return.
*/
static KRML_MUSTINLINE uint8_t
libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
    uint8_t *prf_input, uint8_t domain_separator,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1) {
  uint8_t prf_inputs[3U][33U];
  for (size_t lane = 0U; lane < (size_t)3U; lane++) {
    core_array__core__clone__Clone_for__Array_T__N___clone(
        (size_t)33U, prf_input, prf_inputs[lane], uint8_t, void *);
  }
  uint8_t next_separator =
      libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator);

  uint8_t prf_outputs[3U][128U];
  libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs);

  for (size_t lane = 0U; lane < (size_t)3U; lane++) {
    error_1[lane] =
        libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
            Eurydice_array_to_slice((size_t)128U, prf_outputs[lane], uint8_t));
  }
  return next_separator;
}
9011
9012 /**
9013 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF
9014 with const generics
9015 - LEN= 128
9016 */
/**
Single PRF call: SHAKE256 over `input`, 128 bytes of output written to `ret`.

The digest is produced in a local buffer and then copied out; that buffer is
not cleared before return.
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_a6(
    Eurydice_slice input, uint8_t ret[128U]) {
  uint8_t staged[128U] = {0U};
  libcrux_sha3_portable_shake256(
      Eurydice_array_to_slice((size_t)128U, staged, uint8_t), input);
  memcpy(ret, staged, sizeof staged);
}
9024
9025 /**
9026 This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
9027 libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
9028 */
9029 /**
9030 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_4a
9031 with const generics
9032 - K= 3
9033 - LEN= 128
9034 */
/**
Hash-trait entry point for the single PRF; forwards unchanged to
libcrux_ml_kem_hash_functions_portable_PRF_a6.
*/
static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_410(
    Eurydice_slice input, uint8_t ret[128U]) {
  libcrux_ml_kem_hash_functions_portable_PRF_a6(input, ret);
  return;
}
9039
9040 /**
9041 This function found in impl {core::ops::function::FnMut<(usize),
9042 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
9043 TraitClause@1]> for libcrux_ml_kem::matrix::compute_vector_u::closure<Vector,
9044 K>[TraitClause@0, TraitClause@1]}
9045 */
9046 /**
9047 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.call_mut_a8
9048 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9049 with const generics
9050 - K= 3
9051 */
/**
Array-initialiser closure from compute_vector_u: yields a zero ring element
for any index. Neither argument is read.
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(void **_,
                                                      size_t tupled_args) {
  (void)_;
  (void)tupled_args;
  return libcrux_ml_kem_polynomial_ZERO_d6_ea();
}
9057
9058 /**
9059 A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce
9060 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9061 with const generics
9062
9063 */
/**
In place on `myself`: each coefficient vector is Montgomery-multiplied by the
constant 1441, `error` is added, and the sum is Barrett-reduced.

The multiplication by 1441 presumably takes the coefficients out of Montgomery
form after the inverse NTT -- TODO confirm against the inverse-NTT
implementation. `error` is only read.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  for (size_t v = 0U; v < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
       v++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector normal_form =
        libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
            myself->coefficients[v], (int16_t)1441);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector with_error =
        libcrux_ml_kem_vector_portable_add_b8(normal_form,
                                              &error->coefficients[v]);
    myself->coefficients[v] =
        libcrux_ml_kem_vector_portable_barrett_reduce_b8(with_error);
  }
}
9082
9083 /**
9084 This function found in impl
9085 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
9086 TraitClause@1]}
9087 */
9088 /**
9089 A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6
9090 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9091 with const generics
9092
9093 */
/**
Method-style entry point; forwards unchanged to
libcrux_ml_kem_polynomial_add_error_reduce_ea.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  libcrux_ml_kem_polynomial_add_error_reduce_ea(self, error);
  return;
}
9099
9100 /**
9101 Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
9102 */
9103 /**
9104 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
9105 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9106 with const generics
9107 - K= 3
9108 */
/**
Computes, for each of the three rows of `a_as_ntt`, the sum over j of
row[j] * r_as_ntt[j] in the NTT domain, applies the inverse NTT, and adds
`error_1[row]` with reduction. The three results are written to `ret`.

`a_as_ntt`, `r_as_ntt` and `error_1` are only read. The accumulator array is
local and copied out at the end; it is not cleared before return.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[3U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d acc[3U];
  for (size_t idx = 0U; idx < (size_t)3U; idx++) {
    /* Placeholder closure environment; the closure does not read it. */
    void *env = (void *)0U;
    acc[idx] = libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(&env, idx);
  }

  for (size_t r = 0U;
       r < Eurydice_slice_len(
               Eurydice_array_to_slice(
                   (size_t)3U, a_as_ntt,
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
               libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
       r++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[r];
    for (size_t c = 0U;
         c < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, row,
                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
         c++) {
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
          libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&row[c], &r_as_ntt[c]);
      libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&acc[r], &product);
    }
    /* Leave the NTT domain before the error term is added. */
    libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&acc[r]);
    libcrux_ml_kem_polynomial_add_error_reduce_d6_ea(&acc[r], &error_1[r]);
  }
  memcpy(ret, acc, sizeof acc);
}
9151
9152 /**
9153 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
9154 with const generics
9155 - COEFFICIENT_BITS= 10
9156 */
/**
Compresses every element of the vector with COEFFICIENT_BITS = 10 and returns
the result. `a` is received by value, so the caller's vector is untouched.

Each element is viewed as u16, passed to compress_ciphertext_coefficient with
a bit count of 10, and the result is viewed as i16 again.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  for (size_t lane = 0U;
       lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; lane++) {
    a.elements[lane] = libcrux_secrets_int_as_i16_f5(
        libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
            (uint8_t)(int32_t)10,
            libcrux_secrets_int_as_u16_f5(a.elements[lane])));
  }
  return a;
}
9171
9172 /**
9173 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
9174 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
9175 */
9176 /**
9177 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8
9178 with const generics
9179 - COEFFICIENT_BITS= 10
9180 */
/**
Operations-trait entry point for 10-bit compression; forwards unchanged to
libcrux_ml_kem_vector_portable_compress_compress_ef.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_b8_ef(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector compressed =
      libcrux_ml_kem_vector_portable_compress_compress_ef(a);
  return compressed;
}
9186
9187 /**
9188 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10
9189 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9190 with const generics
9191 - OUT_LEN= 320
9192 */
/**
Serializes `re` with 10 bits per coefficient into the 320-byte `ret`.

Each coefficient vector is mapped to its unsigned representative, compressed
to 10 bits and packed into 20 bytes; vector i lands at byte offset 20 * i.
The 320-byte total assumes LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT
is 16 -- TODO confirm against its definition. `re` is only read.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_10_ff(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
  uint8_t packed[320U] = {0U};
  for (size_t v = 0U; v < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT;
       v++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector compressed =
        libcrux_ml_kem_vector_portable_compress_b8_ef(
            libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
                re->coefficients[v]));
    uint8_t bytes[20U];
    libcrux_ml_kem_vector_portable_serialize_10_b8(compressed, bytes);
    Eurydice_slice_copy(
        Eurydice_array_to_subslice3(packed, (size_t)20U * v,
                                    (size_t)20U * v + (size_t)20U, uint8_t *),
        Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
  }
  memcpy(ret, packed, sizeof packed);
}
9213
9214 /**
9215 A monomorphic instance of
9216 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types
9217 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9218 - COMPRESSION_FACTOR= 10
9219 - OUT_LEN= 320
9220 */
/**
COMPRESSION_FACTOR = 10 instance: serializes `re` into the 320-byte `ret` via
compress_then_serialize_10, going through a local temporary.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) {
  uint8_t encoded[320U];
  libcrux_ml_kem_serialize_compress_then_serialize_10_ff(re, encoded);
  memcpy(ret, encoded, sizeof encoded);
}
9228
9229 /**
9230 Call [`compress_then_serialize_ring_element_u`] on each ring element.
9231 */
9232 /**
9233 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
9234 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9235 with const generics
9236 - K= 3
9237 - OUT_LEN= 960
9238 - COMPRESSION_FACTOR= 10
9239 - BLOCK_LEN= 320
9240 */
/**
 Serialize the three ring elements of `input` back to back into `out`,
 one 320-byte block (960 / 3) per element.

 This function performs no explicit length check on `out`.
 NOTE(review): confirm every caller passes a slice of at least 960 bytes.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[3U],
    Eurydice_slice out) {
  const size_t block_len = (size_t)960U / (size_t)3U;
  const size_t count = Eurydice_slice_len(
      Eurydice_array_to_slice(
          (size_t)3U, input,
          libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
  for (size_t idx = (size_t)0U; idx < count; idx++) {
    /* Work on a local copy of the element, as the generated code does. */
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d element = input[idx];
    Eurydice_slice dest = Eurydice_slice_subslice3(
        out, idx * block_len, (idx + (size_t)1U) * block_len, uint8_t *);
    uint8_t block[320U];
    libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(
        &element, block);
    Eurydice_slice_copy(
        dest, Eurydice_array_to_slice((size_t)320U, block, uint8_t), uint8_t);
  }
}
9263
9264 /**
9265 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1
9266 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9267 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9268 generics
9269 - K= 3
9270 - C1_LEN= 960
9271 - U_COMPRESSION_FACTOR= 10
9272 - BLOCK_LEN= 320
9273 - ETA1= 2
9274 - ETA1_RANDOMNESS_SIZE= 128
9275 - ETA2= 2
9276 - ETA2_RANDOMNESS_SIZE= 128
9277 */
/**
 Produce the `u` half (c1) of the ciphertext and return the values that the
 `v` half still needs.

 `randomness` is padded into a 33-byte PRF input whose last byte is the
 domain separator. The separator returned by one sampling step is the input
 of the next one, so the three sampling steps below must stay in this order.
 The compressed, serialized `u` is written to `ciphertext`; the returned
 tuple carries `r_as_ntt` in `fst` and `error_2` in `snd`.

 NOTE(review): `r_as_ntt`, the error terms and the PRF buffers are derived
 from the encryption randomness and are copied several times on the stack;
 nothing in this function wipes them before returning.
*/
static KRML_MUSTINLINE tuple_ed libcrux_ml_kem_ind_cpa_encrypt_c1_85(
    Eurydice_slice randomness,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix)[3U],
    Eurydice_slice ciphertext) {
  uint8_t prf_input[33U];
  libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input);

  /* Step 1: fill r_as_ntt via the generated closure, then sample it. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U];
  for (size_t slot = (size_t)0U; slot < (size_t)3U; slot++) {
    /* original Rust expression is not an lvalue in C */
    void *closure_env = (void *)0U;
    r_as_ntt[slot] =
        libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(&closure_env, slot);
  }
  uint8_t separator_after_r =
      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(r_as_ntt, prf_input,
                                                           0U);

  /* Step 2: same pattern for error_1, continuing from the separator above. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U];
  for (size_t slot = (size_t)0U; slot < (size_t)3U; slot++) {
    /* original Rust expression is not an lvalue in C */
    void *closure_env = (void *)0U;
    error_1[slot] =
        libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(&closure_env, slot);
  }
  uint8_t separator_after_e1 =
      libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(
          prf_input, separator_after_r, error_1);

  /* Step 3: error_2 comes from one more PRF call with the next separator. */
  prf_input[32U] = separator_after_e1;
  uint8_t prf_output[128U];
  libcrux_ml_kem_hash_functions_portable_PRF_4a_410(
      Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 =
      libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0(
          Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));

  /* Compute u, then serialize a copy of it into the caller's slice. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U];
  libcrux_ml_kem_matrix_compute_vector_u_1b(matrix, r_as_ntt, error_1, u);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_copy[3U];
  memcpy(u_copy, u, sizeof u_copy);
  libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(u_copy, ciphertext);

  /* Passing arrays by value in Rust generates a copy in C */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_r_as_ntt[3U];
  memcpy(copy_of_r_as_ntt, r_as_ntt, sizeof copy_of_r_as_ntt);
  tuple_ed result;
  memcpy(
      result.fst, copy_of_r_as_ntt,
      (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d));
  result.snd = error_2;
  return result;
}
9327
9328 /**
9329 A monomorphic instance of
9330 libcrux_ml_kem.serialize.deserialize_then_decompress_message with types
9331 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9332
9333 */
/**
 Turn a serialized message into a ring element.

 The loop reads 16 consecutive 2-byte groups from `serialized` (32 bytes in
 total); each group is deserialized with deserialize_1 and expanded with
 decompress_1 into one coefficient vector of the result.

 NOTE(review): in the encapsulation path the message derives from the
 caller's randomness, so these bytes should be treated as secret.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea(
    uint8_t *serialized) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d poly =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t vec = (size_t)0U; vec < (size_t)16U; vec++) {
    size_t from = (size_t)2U * vec;
    size_t to = from + (size_t)2U;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector packed_bits =
        libcrux_ml_kem_vector_portable_deserialize_1_b8(
            Eurydice_array_to_subslice3(serialized, from, to, uint8_t *));
    libcrux_ml_kem_vector_portable_vector_type_PortableVector expanded =
        libcrux_ml_kem_vector_portable_decompress_1_b8(packed_bits);
    poly.coefficients[vec] = expanded;
  }
  return poly;
}
9353
9354 /**
9355 A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce
9356 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9357 with const generics
9358
9359 */
/**
 For every coefficient vector, compute
 barrett_reduce(montgomery_multiply(result, 1441) + myself + message)
 and return the updated `result`.

 `result` is taken by value, so the caller's copy is not modified; `myself`
 and `message` are only read.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_add_message_error_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
  size_t vec = (size_t)0U;
  while (vec < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT) {
    /* Scale the accumulated value by the constant 1441 first. */
    libcrux_ml_kem_vector_portable_vector_type_PortableVector scaled =
        libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
            result.coefficients[vec], (int16_t)1441);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector error_plus_msg =
        libcrux_ml_kem_vector_portable_add_b8(myself->coefficients[vec],
                                              &message->coefficients[vec]);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector total =
        libcrux_ml_kem_vector_portable_add_b8(scaled, &error_plus_msg);
    result.coefficients[vec] =
        libcrux_ml_kem_vector_portable_barrett_reduce_b8(total);
    vec++;
  }
  return result;
}
9383
9384 /**
9385 This function found in impl
9386 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
9387 TraitClause@1]}
9388 */
9389 /**
9390 A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6
9391 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9392 with const generics
9393
9394 */
/**
 Method-style entry point: forwards all three arguments unchanged to
 add_message_error_reduce and returns its result.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d reduced =
      libcrux_ml_kem_polynomial_add_message_error_reduce_ea(self, message,
                                                            result);
  return reduced;
}
9403
9404 /**
9405 Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
9406 */
9407 /**
9408 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
9409 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9410 with const generics
9411 - K= 3
9412 */
/**
 Accumulate the three NTT-domain products t_as_ntt[i] * r_as_ntt[i], apply
 the inverse NTT to the sum, and then add `error_2` and `message` through
 add_message_error_reduce.

 All four arguments are only read by the code shown here; the result is
 returned by value.
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_matrix_compute_ring_element_v_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d acc =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  for (size_t row = (size_t)0U; row < (size_t)3U; row++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d term =
        libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&t_as_ntt[row],
                                                     &r_as_ntt[row]);
    libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&acc, &term);
  }
  libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&acc);
  return libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea(
      error_2, message, acc);
}
9432
9433 /**
9434 A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress
9435 with const generics
9436 - COEFFICIENT_BITS= 4
9437 */
/**
 Compress each element of the vector `a` with COEFFICIENT_BITS = 4 and
 return the modified vector.

 Every element is converted with int_as_u16, passed to
 compress_ciphertext_coefficient with a bit count of 4, and converted back
 with int_as_i16. `a` is taken by value, so the caller's vector is unchanged.
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_compress_d1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  size_t lane = (size_t)0U;
  while (lane < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) {
    int16_t compressed = libcrux_secrets_int_as_i16_f5(
        libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient(
            (uint8_t)(int32_t)4,
            libcrux_secrets_int_as_u16_f5(a.elements[lane])));
    a.elements[lane] = compressed;
    lane++;
  }
  return a;
}
9452
9453 /**
9454 This function found in impl {libcrux_ml_kem::vector::traits::Operations for
9455 libcrux_ml_kem::vector::portable::vector_type::PortableVector}
9456 */
9457 /**
9458 A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8
9459 with const generics
9460 - COEFFICIENT_BITS= 4
9461 */
/**
 Trait-method entry point for 4-bit compression: forwards `a` to
 compress_compress_d1 and returns its result.
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_compress_b8_d1(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector compressed =
      libcrux_ml_kem_vector_portable_compress_compress_d1(a);
  return compressed;
}
9467
9468 /**
9469 A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4
9470 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9471 with const generics
9472
9473 */
/**
 Compress every coefficient vector of `re` with the 4-bit instance and write
 the packed bytes into `serialized`.

 Each vector produces an 8-byte chunk stored at byte offset 8 * (vector
 index). This function performs no explicit length check on `serialized`.
 NOTE(review): confirm callers pass a slice large enough for all chunks.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_4_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re,
    Eurydice_slice serialized) {
  size_t vec = (size_t)0U;
  while (vec < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT) {
    size_t chunk_start = (size_t)8U * vec;
    size_t chunk_end = chunk_start + (size_t)8U;
    /* Map to the unsigned representative first, then compress. */
    libcrux_ml_kem_vector_portable_vector_type_PortableVector unsigned_repr =
        libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
            re.coefficients[vec]);
    libcrux_ml_kem_vector_portable_vector_type_PortableVector compressed =
        libcrux_ml_kem_vector_portable_compress_b8_d1(unsigned_repr);
    uint8_t chunk[8U];
    libcrux_ml_kem_vector_portable_serialize_4_b8(compressed, chunk);
    Eurydice_slice_copy(
        Eurydice_slice_subslice3(serialized, chunk_start, chunk_end,
                                 uint8_t *),
        Eurydice_array_to_slice((size_t)8U, chunk, uint8_t), uint8_t);
    vec++;
  }
}
9493
9494 /**
9495 A monomorphic instance of
9496 libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types
9497 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
9498 - K= 3
9499 - COMPRESSION_FACTOR= 4
9500 - OUT_LEN= 128
9501 */
/**
 Serialize the ring element `v` into `out`.

 For this instance (COMPRESSION_FACTOR = 4) the work is done entirely by
 compress_then_serialize_4, to which both arguments are forwarded.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out)
{
  libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out);
}
9507
9508 /**
9509 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c2
9510 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9511 with const generics
9512 - K= 3
9513 - V_COMPRESSION_FACTOR= 4
9514 - C2_LEN= 128
9515 */
/**
 Produce the `v` half (c2) of the ciphertext.

 The message bytes are expanded into a ring element, combined with
 `t_as_ntt`, `r_as_ntt` and `error_2` by compute_ring_element_v, and the
 result is compressed and serialized into `ciphertext`.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_c2_6c(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2,
    uint8_t *message, Eurydice_slice ciphertext) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d mu =
      libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea(message);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d v_poly =
      libcrux_ml_kem_matrix_compute_ring_element_v_1b(t_as_ntt, r_as_ntt,
                                                      error_2, &mu);
  libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c(
      v_poly, ciphertext);
}
9529
9530 /**
9531 This function implements <strong>Algorithm 13</strong> of the
9532 NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
9533
9534 Algorithm 13 is reproduced below:
9535
9536 ```plaintext
Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
Input: message m ∈ 𝔹^{32}.
Input: encryption randomness r ∈ 𝔹^{32}.
Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
9541
9542 N ← 0
9543 t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
9544 ρ ← ekₚₖₑ[384k: 384k + 32]
9545 for (i ← 0; i < k; i++)
9546 for(j ← 0; j < k; j++)
9547 Â[i,j] ← SampleNTT(XOF(ρ, i, j))
9548 end for
9549 end for
9550 for(i ← 0; i < k; i++)
9551 r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
9552 N ← N + 1
9553 end for
9554 for(i ← 0; i < k; i++)
9555 e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
9556 N ← N + 1
9557 end for
9558 e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
9559 r̂ ← NTT(r)
9560 u ← NTT-¹(Âᵀ ◦ r̂) + e₁
μ ← Decompress₁(ByteDecode₁(m))
v ← NTT-¹(t̂ᵀ ◦ r̂) + e₂ + μ
9563 c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
9564 c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
9565 return c ← (c₁ ‖ c₂)
9566 ```
9567
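The NIST FIPS 203 standard can be found at
<https://csrc.nist.gov/pubs/fips/203/ipd>.
Note that this URL is the initial public draft (ipd); algorithm numbers in
the final FIPS 203 publication may differ from the draft numbering used here.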
9570 */
9571 /**
9572 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
9573 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9574 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9575 generics
9576 - K= 3
9577 - CIPHERTEXT_SIZE= 1088
9578 - T_AS_NTT_ENCODED_SIZE= 1152
9579 - C1_LEN= 960
9580 - C2_LEN= 128
9581 - U_COMPRESSION_FACTOR= 10
9582 - V_COMPRESSION_FACTOR= 4
9583 - BLOCK_LEN= 320
9584 - ETA1= 2
9585 - ETA1_RANDOMNESS_SIZE= 128
9586 - ETA2= 2
9587 - ETA2_RANDOMNESS_SIZE= 128
9588 */
/**
 Encrypt `message` under an already unpacked public key and write the
 1088-byte ciphertext to `ret`.

 Bytes [0, 960) of the ciphertext are filled by encrypt_c1 and bytes
 [960, 1088) by encrypt_c2. No random number generator is called here: the
 output is fully determined by `public_key`, `message` and `randomness`.

 NOTE(review): the local copies of `r_as_ntt` and `error_2` are derived from
 the encryption randomness and are not wiped before returning.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
    uint8_t *message, Eurydice_slice randomness, uint8_t ret[1088U]) {
  uint8_t ciphertext[1088U] = {0U};

  /* c1: the compressed u vector goes into the first 960 bytes. */
  tuple_ed c1_state = libcrux_ml_kem_ind_cpa_encrypt_c1_85(
      randomness, public_key->A,
      Eurydice_array_to_subslice3(ciphertext, (size_t)0U, (size_t)960U,
                                  uint8_t *));
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U];
  memcpy(r_as_ntt, c1_state.fst, sizeof r_as_ntt);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = c1_state.snd;

  /* c2: the compressed v element goes into the remaining bytes. */
  libcrux_ml_kem_ind_cpa_encrypt_c2_6c(
      public_key->t_as_ntt, r_as_ntt, &error_2, message,
      Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U,
                                      uint8_t, size_t, uint8_t[]));
  memcpy(ret, ciphertext, sizeof ciphertext);
}
9613
9614 /**
9615 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt
9616 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9617 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
9618 generics
9619 - K= 3
9620 - CIPHERTEXT_SIZE= 1088
9621 - T_AS_NTT_ENCODED_SIZE= 1152
9622 - C1_LEN= 960
9623 - C2_LEN= 128
9624 - U_COMPRESSION_FACTOR= 10
9625 - V_COMPRESSION_FACTOR= 4
9626 - BLOCK_LEN= 320
9627 - ETA1= 2
9628 - ETA1_RANDOMNESS_SIZE= 128
9629 - ETA2= 2
9630 - ETA2_RANDOMNESS_SIZE= 128
9631 */
/**
 Encrypt `message` under a serialized public key.

 The key is first unpacked with build_unpacked_public_key, then
 encrypt_unpacked produces the 1088-byte ciphertext, which is copied to
 `ret`. This function does not validate `public_key` itself.
 NOTE(review): confirm key validation happens before this call.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_2a(
    Eurydice_slice public_key, uint8_t *message, Eurydice_slice randomness,
    uint8_t ret[1088U]) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked =
      libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(public_key);
  uint8_t encrypted[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(&unpacked, message, randomness,
                                             encrypted);
  memcpy(ret, encrypted, sizeof encrypted);
}
9643
9644 /**
9645 This function found in impl {libcrux_ml_kem::variant::Variant for
9646 libcrux_ml_kem::variant::MlKem}
9647 */
9648 /**
9649 A monomorphic instance of libcrux_ml_kem.variant.kdf_39
9650 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
9651 with const generics
9652 - K= 3
9653 - CIPHERTEXT_SIZE= 1088
9654 */
/**
 Key-derivation step of the ML-KEM variant: copies `shared_secret` into the
 32-byte buffer `ret` without further processing. The second parameter is
 unused.

 No length check is performed here.
 NOTE(review): assumes `shared_secret` is exactly 32 bytes; confirm at the
 call sites.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_39_d6(
    Eurydice_slice shared_secret, uint8_t *_, uint8_t ret[32U]) {
  uint8_t secret_copy[32U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_slice((size_t)32U, secret_copy, uint8_t),
      shared_secret, uint8_t);
  memcpy(ret, secret_copy, sizeof secret_copy);
}
9662
9663 /**
9664 This code verifies on some machines, runs out of memory on others
9665 */
9666 /**
9667 A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate
9668 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9669 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
9670 libcrux_ml_kem_variant_MlKem with const generics
9671 - K= 3
9672 - SECRET_KEY_SIZE= 2400
9673 - CPA_SECRET_KEY_SIZE= 1152
9674 - PUBLIC_KEY_SIZE= 1184
9675 - CIPHERTEXT_SIZE= 1088
9676 - T_AS_NTT_ENCODED_SIZE= 1152
9677 - C1_SIZE= 960
9678 - C2_SIZE= 128
9679 - VECTOR_U_COMPRESSION_FACTOR= 10
9680 - VECTOR_V_COMPRESSION_FACTOR= 4
9681 - C1_BLOCK_SIZE= 320
9682 - ETA1= 2
9683 - ETA1_RANDOMNESS_SIZE= 128
9684 - ETA2= 2
9685 - ETA2_RANDOMNESS_SIZE= 128
9686 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
9687 */
/**
 ML-KEM-768 decapsulation with implicit rejection; writes the 32-byte shared
 secret to `ret`.

 The ciphertext is decrypted, the decrypted message is re-encrypted with
 pseudorandomness derived from it and from the stored public-key hash, and
 the result is compared with the received ciphertext. Both candidate
 secrets (the regular one and the rejection value derived from the private
 key and the ciphertext) are always computed; the choice between them is
 made by the helper named
 compare_ciphertexts_select_shared_secret_in_constant_time.

 NOTE(review): keep the comparison and selection inside that helper. A
 memcmp() followed by a branch would make the timing depend on whether the
 ciphertext was valid.
 NOTE(review): `decrypted`, the hash buffers and both candidate secrets
 remain on the stack when this function returns; nothing here wipes them.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  /* Split the 2400-byte private key into its four components. */
  Eurydice_slice_uint8_t_x4 key_parts =
      libcrux_ml_kem_types_unpack_private_key_b4(
          Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
  Eurydice_slice ind_cpa_secret_key = key_parts.fst;
  Eurydice_slice ind_cpa_public_key = key_parts.snd;
  Eurydice_slice ind_cpa_public_key_hash = key_parts.thd;
  Eurydice_slice implicit_rejection_value = key_parts.f3;

  /* Decrypt the received ciphertext. */
  uint8_t decrypted[32U];
  libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value,
                                    decrypted);

  /* Hash (decrypted message || public-key hash) into 64 bytes. */
  uint8_t g_input[64U];
  libcrux_ml_kem_utils_into_padded_array_24(
      Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), g_input);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice_from(
          (size_t)64U, g_input, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
          uint8_t, size_t, uint8_t[]),
      ind_cpa_public_key_hash, uint8_t);
  uint8_t g_output[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, g_input, uint8_t), g_output);
  Eurydice_slice_uint8_t_x2 g_halves = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, g_output, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice candidate_secret = g_halves.fst;
  Eurydice_slice pseudorandomness = g_halves.snd;

  /* Rejection secret: PRF over (implicit rejection value || ciphertext). */
  uint8_t rejection_input[1120U];
  libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value,
                                            rejection_input);
  Eurydice_slice rejection_tail = Eurydice_array_to_subslice_from(
      (size_t)1120U, rejection_input,
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(rejection_tail,
                      libcrux_ml_kem_types_as_ref_d3_80(ciphertext), uint8_t);
  uint8_t rejection_prf_output[32U];
  libcrux_ml_kem_hash_functions_portable_PRF_4a_41(
      Eurydice_array_to_slice((size_t)1120U, rejection_input, uint8_t),
      rejection_prf_output);

  /* Re-encrypt the decrypted message to obtain the expected ciphertext. */
  uint8_t expected_ciphertext[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_2a(ind_cpa_public_key, decrypted,
                                    pseudorandomness, expected_ciphertext);

  /* Run both candidates through the variant KDF, unconditionally. */
  uint8_t implicit_rejection_shared_secret[32U];
  libcrux_ml_kem_variant_kdf_39_d6(
      Eurydice_array_to_slice((size_t)32U, rejection_prf_output, uint8_t),
      libcrux_ml_kem_types_as_slice_a9_80(ciphertext),
      implicit_rejection_shared_secret);
  uint8_t shared_secret[32U];
  libcrux_ml_kem_variant_kdf_39_d6(
      candidate_secret, libcrux_ml_kem_types_as_slice_a9_80(ciphertext),
      shared_secret);

  /* Compare the ciphertexts and pick the output in the named helper. */
  uint8_t selected[32U];
  libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
      libcrux_ml_kem_types_as_ref_d3_80(ciphertext),
      Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
      Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
      Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
                              uint8_t),
      selected);
  memcpy(ret, selected, sizeof selected);
}
9752
9753 /**
9754 Portable decapsulate
9755 */
9756 /**
9757 A monomorphic instance of
9758 libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
9759 - K= 3
9760 - SECRET_KEY_SIZE= 2400
9761 - CPA_SECRET_KEY_SIZE= 1152
9762 - PUBLIC_KEY_SIZE= 1184
9763 - CIPHERTEXT_SIZE= 1088
9764 - T_AS_NTT_ENCODED_SIZE= 1152
9765 - C1_SIZE= 960
9766 - C2_SIZE= 128
9767 - VECTOR_U_COMPRESSION_FACTOR= 10
9768 - VECTOR_V_COMPRESSION_FACTOR= 4
9769 - C1_BLOCK_SIZE= 320
9770 - ETA1= 2
9771 - ETA1_RANDOMNESS_SIZE= 128
9772 - ETA2= 2
9773 - ETA2_RANDOMNESS_SIZE= 128
9774 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
9775 */
/**
 Portable instantiation of decapsulation: forwards the private key, the
 ciphertext and the 32-byte output buffer to ind_cca decapsulate.
*/
static inline void
libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U])
{
  libcrux_ml_kem_ind_cca_decapsulate_62(private_key, ciphertext, ret);
}
9782
9783 /**
9784 Decapsulate ML-KEM 768
9785
9786 Generates an [`MlKemSharedSecret`].
9787 The input is a reference to an [`MlKem768PrivateKey`] and an
9788 [`MlKem768Ciphertext`].
9789 */
/**
 Entry point for ML-KEM-768 decapsulation: writes the 32-byte shared secret
 for (`private_key`, `ciphertext`) to `ret` by forwarding to the portable
 instantiation.

 This wrapper performs no checks of its own on either input.
*/
static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U])
{
  libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35(
      private_key, ciphertext, ret);
}
9796
9797 /**
9798 This function found in impl {libcrux_ml_kem::variant::Variant for
9799 libcrux_ml_kem::variant::MlKem}
9800 */
9801 /**
9802 A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_39
9803 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
9804 with const generics
9805 - K= 3
9806 */
/**
 Entropy pre-processing step of the ML-KEM variant: copies `randomness`
 into the 32-byte buffer `ret` without modifying it.

 No length check is performed here.
 NOTE(review): assumes `randomness` is exactly 32 bytes; confirm at the
 call sites.
*/
static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_39_9c(
    Eurydice_slice randomness, uint8_t ret[32U]) {
  uint8_t entropy[32U] = {0U};
  Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, entropy, uint8_t),
                      randomness, uint8_t);
  memcpy(ret, entropy, sizeof entropy);
}
9814
9815 /**
9816 This function found in impl {libcrux_ml_kem::hash_functions::Hash<K> for
9817 libcrux_ml_kem::hash_functions::portable::PortableHash<K>}
9818 */
9819 /**
9820 A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_4a
9821 with const generics
9822 - K= 3
9823 */
/**
 Trait-method entry point for the hash function H: forwards `input` and the
 32-byte output buffer `ret` to the portable H implementation.
*/
static inline void libcrux_ml_kem_hash_functions_portable_H_4a_e0(
    Eurydice_slice input, uint8_t ret[32U])
{
  libcrux_ml_kem_hash_functions_portable_H(input, ret);
}
9828
9829 /**
9830 A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
9831 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9832 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
9833 libcrux_ml_kem_variant_MlKem with const generics
9834 - K= 3
9835 - CIPHERTEXT_SIZE= 1088
9836 - PUBLIC_KEY_SIZE= 1184
9837 - T_AS_NTT_ENCODED_SIZE= 1152
9838 - C1_SIZE= 960
9839 - C2_SIZE= 128
9840 - VECTOR_U_COMPRESSION_FACTOR= 10
9841 - VECTOR_V_COMPRESSION_FACTOR= 4
9842 - C1_BLOCK_SIZE= 320
9843 - ETA1= 2
9844 - ETA1_RANDOMNESS_SIZE= 128
9845 - ETA2= 2
9846 - ETA2_RANDOMNESS_SIZE= 128
9847 */
/**
 ML-KEM-768 encapsulation: returns the ciphertext in `fst` and the 32-byte
 shared secret in `snd`.

 The 32 bytes at `randomness` are hashed together with H(public key); the
 64-byte output is split into the shared secret and the pseudorandomness
 used for encryption. No random number generator is called here, so the
 caller must supply fresh output of a cryptographic RNG on every call.

 This function performs no validation of `public_key`.
 NOTE(review): confirm the caller validates the encapsulation key first.
 NOTE(review): the randomness copy and the hash output stay on the stack
 when this function returns; nothing here wipes them.
*/
static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) {
  uint8_t message[32U];
  libcrux_ml_kem_variant_entropy_preprocess_39_9c(
      Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), message);

  /* Build the hash input: message || H(public key). */
  uint8_t g_input[64U];
  libcrux_ml_kem_utils_into_padded_array_24(
      Eurydice_array_to_slice((size_t)32U, message, uint8_t), g_input);
  Eurydice_slice key_hash_slot = Eurydice_array_to_subslice_from(
      (size_t)64U, g_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
      size_t, uint8_t[]);
  uint8_t key_hash[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_slice((size_t)1184U,
                              libcrux_ml_kem_types_as_slice_e6_d0(public_key),
                              uint8_t),
      key_hash);
  Eurydice_slice_copy(
      key_hash_slot, Eurydice_array_to_slice((size_t)32U, key_hash, uint8_t),
      uint8_t);

  /* Split the 64-byte hash into shared secret and encryption randomness. */
  uint8_t g_output[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, g_input, uint8_t), g_output);
  Eurydice_slice_uint8_t_x2 g_halves = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, g_output, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice shared_secret = g_halves.fst;
  Eurydice_slice pseudorandomness = g_halves.snd;

  uint8_t ciphertext[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_2a(
      Eurydice_array_to_slice((size_t)1184U,
                              libcrux_ml_kem_types_as_slice_e6_d0(public_key),
                              uint8_t),
      message, pseudorandomness, ciphertext);

  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t copy_of_ciphertext[1088U];
  memcpy(copy_of_ciphertext, ciphertext, sizeof copy_of_ciphertext);
  tuple_c2 result;
  result.fst = libcrux_ml_kem_types_from_e0_80(copy_of_ciphertext);
  uint8_t derived_secret[32U];
  libcrux_ml_kem_variant_kdf_39_d6(shared_secret, ciphertext, derived_secret);
  memcpy(result.snd, derived_secret, sizeof derived_secret);
  return result;
}
9892
9893 /**
9894 A monomorphic instance of
9895 libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
9896 - K= 3
9897 - CIPHERTEXT_SIZE= 1088
9898 - PUBLIC_KEY_SIZE= 1184
9899 - T_AS_NTT_ENCODED_SIZE= 1152
9900 - C1_SIZE= 960
9901 - C2_SIZE= 128
9902 - VECTOR_U_COMPRESSION_FACTOR= 10
9903 - VECTOR_V_COMPRESSION_FACTOR= 4
9904 - C1_BLOCK_SIZE= 320
9905 - ETA1= 2
9906 - ETA1_RANDOMNESS_SIZE= 128
9907 - ETA2= 2
9908 - ETA2_RANDOMNESS_SIZE= 128
9909 */
/**
 Portable instantiation of encapsulation: forwards the public key and the
 randomness pointer to ind_cca encapsulate and returns its tuple.
*/
static inline tuple_c2
libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) {
  tuple_c2 encapsulated =
      libcrux_ml_kem_ind_cca_encapsulate_ca(public_key, randomness);
  return encapsulated;
}
9915
9916 /**
9917 Encapsulate ML-KEM 768
9918
9919 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
9920 The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
9921 bytes of `randomness`.
9922 */
/**
 Entry point for ML-KEM-768 encapsulation: returns the (ciphertext, shared
 secret) tuple produced by the portable instantiation.

 `randomness` must point to 32 bytes. This wrapper neither generates the
 randomness nor validates `public_key`; both are left to the caller.
*/
static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    uint8_t randomness[32U]) {
  tuple_c2 encapsulated =
      libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd(
          public_key, randomness);
  return encapsulated;
}
9929
9930 /**
9931 This function found in impl {core::default::Default for
9932 libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked<Vector,
9933 K>[TraitClause@0, TraitClause@1]}
9934 */
9935 /**
9936 A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_70
9937 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
9938 with const generics
9939 - K= 3
9940 */
/**
 Default value of the unpacked IND-CPA private key: a structure whose three
 `secret_as_ntt` entries are each set to the ZERO ring element.
*/
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(void) {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 key;
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zeros[3U];
  size_t slot = (size_t)0U;
  while (slot < (size_t)3U) {
    zeros[slot] = libcrux_ml_kem_polynomial_ZERO_d6_ea();
    slot++;
  }
  memcpy(key.secret_as_ntt, zeros, sizeof zeros);
  return key;
}
9953
9954 /**
9955 This function found in impl {libcrux_ml_kem::variant::Variant for
9956 libcrux_ml_kem::variant::MlKem}
9957 */
9958 /**
9959 A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_39
9960 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
9961 with const generics
9962 - K= 3
9963 */
static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_39_9c(
    Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
  /*
   * Builds the 33-byte hash input: the key-generation seed followed by one
   * byte holding the rank (3), then writes the 64-byte output of G to `ret`.
   * NOTE(review): `hash_input` and `digest` carry seed-derived material and
   * are not cleared before returning.
   */
  uint8_t hash_input[33U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(
          hash_input, (size_t)0U,
          LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *),
      key_generation_seed, uint8_t);
  /* Rank byte placed directly after the seed bytes. */
  hash_input[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] =
      (uint8_t)(size_t)3U;
  uint8_t digest[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)33U, hash_input, uint8_t), digest);
  memcpy(ret, digest, sizeof digest);
}
9979
9980 /**
9981 This function found in impl {core::ops::function::FnMut<(usize),
9982 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
9983 TraitClause@3]> for
9984 libcrux_ml_kem::ind_cpa::generate_keypair_unpacked::closure<Vector, Hasher,
9985 Scheme, K, ETA1, ETA1_RANDOMNESS_SIZE>[TraitClause@0, TraitClause@1,
9986 TraitClause@2, TraitClause@3, TraitClause@4, TraitClause@5]}
9987 */
9988 /**
9989 A monomorphic instance of
9990 libcrux_ml_kem.ind_cpa.generate_keypair_unpacked.call_mut_73 with types
9991 libcrux_ml_kem_vector_portable_vector_type_PortableVector,
9992 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
9993 libcrux_ml_kem_variant_MlKem with const generics
9994 - K= 3
9995 - ETA1= 2
9996 - ETA1_RANDOMNESS_SIZE= 128
9997 */
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c(
    void **_, size_t tupled_args) {
  /* Extracted closure body: neither argument is read; every call yields
     the zero ring element. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  return zero;
}
10003
10004 /**
10005 A monomorphic instance of libcrux_ml_kem.polynomial.to_standard_domain
10006 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10007 with const generics
10008
10009 */
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_polynomial_to_standard_domain_ea(
    libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) {
  /* Montgomery-multiplies `vector` by the constant named R^2 mod the field
     modulus; presumably this takes the coefficients out of the Montgomery
     domain -- confirm against the vector traits. */
  libcrux_ml_kem_vector_portable_vector_type_PortableVector converted =
      libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(
          vector,
          LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
  return converted;
}
10017
10018 /**
10019 A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce
10020 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10021 with const generics
10022
10023 */
static KRML_MUSTINLINE void
libcrux_ml_kem_polynomial_add_standard_error_reduce_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  /*
   * In place, for each vector of coefficients of `myself`: convert to the
   * standard domain, add the matching vector of `error`, Barrett-reduce the
   * sum and store it back. `error` is only read.
   */
  for (size_t idx = (size_t)0U;
       idx < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; idx++) {
    libcrux_ml_kem_vector_portable_vector_type_PortableVector *slot =
        &myself->coefficients[idx];
    *slot = libcrux_ml_kem_vector_portable_barrett_reduce_b8(
        libcrux_ml_kem_vector_portable_add_b8(
            libcrux_ml_kem_polynomial_to_standard_domain_ea(*slot),
            &error->coefficients[idx]));
  }
}
10043
10044 /**
10045 This function found in impl
10046 {libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
10047 TraitClause@1]}
10048 */
10049 /**
10050 A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6
10051 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10052 with const generics
10053
10054 */
static KRML_MUSTINLINE void
libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) {
  /* Method-form wrapper: `self` is updated in place by the free function of
     the same name; `error` is passed through unchanged. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d *target = self;
  libcrux_ml_kem_polynomial_add_standard_error_reduce_ea(target, error);
}
10061
10062 /**
10063 Compute Â ◦ ŝ + ê
10064 */
10065 /**
10066 A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e
10067 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10068 with const generics
10069 - K= 3
10070 */
static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[3U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) {
  /*
   * For every row r of matrix_A: t_as_ntt[r] starts at zero, accumulates the
   * NTT-domain products row[c] * s_as_ntt[c] over the columns, and finally
   * has error_as_ntt[r] added with reduction. s_as_ntt and error_as_ntt are
   * only read; t_as_ntt is overwritten.
   */
  for (size_t r = (size_t)0U;
       r < Eurydice_slice_len(
               Eurydice_array_to_slice(
                   (size_t)3U, matrix_A,
                   libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]),
               libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]);
       r++) {
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[r];
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *accumulator =
        &t_as_ntt[r];
    *accumulator = libcrux_ml_kem_polynomial_ZERO_d6_ea();
    for (size_t c = (size_t)0U;
         c < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, row,
                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
         c++) {
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d product =
          libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&row[c], &s_as_ntt[c]);
      libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(accumulator,
                                                          &product);
    }
    libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea(
        accumulator, &error_as_ntt[r]);
  }
}
10108
10109 /**
10110 This function implements most of <strong>Algorithm 12</strong> of the
10111 NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation
10112 algorithm.
10113
10114 We say "most of" since Algorithm 12 samples the required randomness within
10115 the function itself, whereas this implementation expects it to be provided
10116 through the `key_generation_seed` parameter.
10117
10118 Algorithm 12 is reproduced below:
10119
10120 ```plaintext
10121 Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
10122 Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
10123
10124 d ←$ B
10125 (ρ,σ) ← G(d)
10126 N ← 0
10127 for (i ← 0; i < k; i++)
10128 for(j ← 0; j < k; j++)
10129 Â[i,j] ← SampleNTT(XOF(ρ, i, j))
10130 end for
10131 end for
10132 for(i ← 0; i < k; i++)
10133 s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))
10134 N ← N + 1
10135 end for
10136 for(i ← 0; i < k; i++)
10137 e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))
10138 N ← N + 1
10139 end for
10140 ŝ ← NTT(s)
10141 ê ← NTT(e)
10142 t̂ ← Â◦ŝ + ê
10143 ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ
10144 dkₚₖₑ ← ByteEncode₁₂(ŝ)
10145 ```
10146
10147 The NIST FIPS 203 standard can be found at
10148 <https://csrc.nist.gov/pubs/fips/203/ipd>.
10149 */
10150 /**
10151 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked
10152 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10153 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
10154 libcrux_ml_kem_variant_MlKem with const generics
10155 - K= 3
10156 - ETA1= 2
10157 - ETA1_RANDOMNESS_SIZE= 128
10158 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
    Eurydice_slice key_generation_seed,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
  /*
   * Deterministic in `key_generation_seed`: no randomness is drawn here.
   * NOTE(review): `expanded_seed`, `prf_input` and `error_as_ntt` hold
   * seed-derived secret material and are not cleared before returning.
   */

  /* Expand the seed to 64 bytes and split it 32/32: the first half seeds
     the matrix, the second half seeds secret and error sampling. */
  uint8_t expanded_seed[64U];
  libcrux_ml_kem_variant_cpa_keygen_seed_39_9c(key_generation_seed,
                                               expanded_seed);
  Eurydice_slice_uint8_t_x2 halves = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, expanded_seed, uint8_t),
      (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2);
  Eurydice_slice seed_for_A = halves.fst;
  Eurydice_slice seed_for_secret_and_error = halves.snd;

  /* Sample the matrix into the public key from the padded 34-byte seed. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*matrix_A)[3U] =
      public_key->A;
  uint8_t matrix_seed[34U];
  libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, matrix_seed);
  libcrux_ml_kem_matrix_sample_matrix_A_2b(matrix_A, matrix_seed, true);

  /* Sample the secret vector; the returned counter is carried into the
     error sampling below so the two PRF streams do not reuse an index. */
  uint8_t prf_input[33U];
  libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error,
                                            prf_input);
  uint8_t domain_separator =
      libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(
          private_key->secret_as_ntt, prf_input, 0U);

  /* Zero-initialise the error vector through the extracted closure, then
     sample it. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U];
  for (size_t idx = (size_t)0U; idx < (size_t)3U; idx++) {
    /* original Rust expression is not an lvalue in C */
    void *closure_env = (void *)0U;
    error_as_ntt[idx] =
        libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c(
            &closure_env, idx);
  }
  libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(error_as_ntt, prf_input,
                                                       domain_separator);

  /* t = A * s + e, written into the public key. */
  libcrux_ml_kem_matrix_compute_As_plus_e_1b(
      public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
      error_as_ntt);

  /* Keep the 32-byte matrix seed alongside t in the public key. */
  uint8_t seed_bytes[32U];
  Result_fb conversion;
  Eurydice_slice_to_array2(&conversion, seed_for_A, Eurydice_slice,
                           uint8_t[32U], TryFromSliceError);
  unwrap_26_b3(conversion, seed_bytes);
  memcpy(public_key->seed_for_A, seed_bytes, sizeof seed_bytes);
}
10201
10202 /**
10203 A monomorphic instance of
10204 libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
10205 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10206
10207 */
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) {
  /*
   * Encodes one ring element into 384 bytes: each vector of coefficients is
   * mapped to its unsigned representative and packed into 24 bytes, written
   * at offset 24 * idx. `re` is only read.
   */
  uint8_t encoded[384U] = {0U};
  for (size_t idx = (size_t)0U;
       idx < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; idx++) {
    const size_t start = (size_t)24U * idx;
    libcrux_ml_kem_vector_portable_vector_type_PortableVector unsigned_form =
        libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea(
            re->coefficients[idx]);
    uint8_t chunk[24U];
    libcrux_ml_kem_vector_portable_serialize_12_b8(unsigned_form, chunk);
    Eurydice_slice_copy(
        Eurydice_array_to_subslice3(encoded, start, start + (size_t)24U,
                                    uint8_t *),
        Eurydice_array_to_slice((size_t)24U, chunk, uint8_t), uint8_t);
  }
  memcpy(ret, encoded, sizeof encoded);
}
10227
10228 /**
10229 Call [`serialize_uncompressed_ring_element`] for each ring element.
10230 */
10231 /**
10232 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_vector
10233 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10234 with const generics
10235 - K= 3
10236 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_vector_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key,
    Eurydice_slice out) {
  /*
   * Serializes the three ring elements of `key` back to back into `out`,
   * one BYTES_PER_RING_ELEMENT-sized window per element.
   * NOTE(review): the window bounds are derived from the element index
   * only; whether the subslice macro checks them against the length of
   * `out` is not visible here, so the caller must size `out` accordingly.
   */
  for (size_t idx = (size_t)0U;
       idx < Eurydice_slice_len(
                 Eurydice_array_to_slice(
                     (size_t)3U, key,
                     libcrux_ml_kem_polynomial_PolynomialRingElement_1d),
                 libcrux_ml_kem_polynomial_PolynomialRingElement_1d);
       idx++) {
    const size_t start = idx * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
    const size_t end =
        (idx + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
    Eurydice_slice window =
        Eurydice_slice_subslice3(out, start, end, uint8_t *);
    uint8_t encoded[384U];
    /* The serializer only reads through its pointer, so the element is
       passed in place. */
    libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(&key[idx],
                                                                    encoded);
    Eurydice_slice_copy(
        window, Eurydice_array_to_slice((size_t)384U, encoded, uint8_t),
        uint8_t);
  }
}
10259
10260 /**
10261 Concatenate `t` and `ρ` into the public key.
10262 */
10263 /**
10264 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut
10265 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10266 with const generics
10267 - K= 3
10268 - PUBLIC_KEY_SIZE= 1184
10269 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    Eurydice_slice seed_for_a, uint8_t *serialized) {
  /*
   * Layout written into `serialized` (treated as 1184 bytes): the encoded
   * vector t first, then the matrix seed directly after it.
   */
  const size_t vector_bytes =
      libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U);
  libcrux_ml_kem_ind_cpa_serialize_vector_1b(
      t_as_ntt, Eurydice_array_to_subslice3(serialized, (size_t)0U,
                                            vector_bytes, uint8_t *));
  Eurydice_slice_copy(
      Eurydice_array_to_subslice_from((size_t)1184U, serialized, vector_bytes,
                                      uint8_t, size_t, uint8_t[]),
      seed_for_a, uint8_t);
}
10286
10287 /**
10288 Concatenate `t` and `ρ` into the public key.
10289 */
10290 /**
10291 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
10292 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10293 with const generics
10294 - K= 3
10295 - PUBLIC_KEY_SIZE= 1184
10296 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_89(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt,
    Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
  /* By-value flavour of the in-place serializer: fill a zeroed 1184-byte
     scratch buffer, then copy it out to `ret`. */
  uint8_t scratch[1184U] = {0U};
  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(t_as_ntt, seed_for_a,
                                                     scratch);
  memcpy(ret, scratch, sizeof scratch);
}
10305
10306 /**
10307 Serialize the secret key from the unpacked key pair generation.
10308 */
10309 /**
10310 A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key
10311 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10312 with const generics
10313 - K= 3
10314 - PRIVATE_KEY_SIZE= 1152
10315 - PUBLIC_KEY_SIZE= 1184
10316 */
static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) {
  /*
   * Returns the pair (fst = 1152-byte serialized secret vector,
   * snd = 1184-byte serialized public key).
   * NOTE(review): `secret_key_serialized` is a stack copy of the secret key
   * bytes and is not cleared before returning.
   */
  uint8_t public_key_serialized[1184U];
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(
      public_key->t_as_ntt,
      Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t),
      public_key_serialized);

  uint8_t secret_key_serialized[1152U] = {0U};
  libcrux_ml_kem_ind_cpa_serialize_vector_1b(
      private_key->secret_as_ntt,
      Eurydice_array_to_slice((size_t)1152U, secret_key_serialized, uint8_t));

  /* Copy both encodings straight into the returned pair. */
  libcrux_ml_kem_utils_extraction_helper_Keypair768 pair;
  memcpy(pair.fst, secret_key_serialized, (size_t)1152U * sizeof(uint8_t));
  memcpy(pair.snd, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
  return pair;
}
10345
10346 /**
10347 A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair
10348 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10349 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
10350 libcrux_ml_kem_variant_MlKem with const generics
10351 - K= 3
10352 - PRIVATE_KEY_SIZE= 1152
10353 - PUBLIC_KEY_SIZE= 1184
10354 - ETA1= 2
10355 - ETA1_RANDOMNESS_SIZE= 128
10356 */
static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768
libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) {
  /*
   * Generates the unpacked key pair from the seed, then serializes it.
   * NOTE(review): `unpacked_private` holds the secret vector on the stack
   * and is not cleared before returning.
   */
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 unpacked_private =
      libcrux_ml_kem_ind_cpa_unpacked_default_70_1b();
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked_public =
      libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b();
  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
      key_generation_seed, &unpacked_private, &unpacked_public);
  return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(
      &unpacked_public, &unpacked_private);
}
10368
10369 /**
10370 Serialize the secret key.
10371 */
10372 /**
10373 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut
10374 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
10375 with const generics
10376 - K= 3
10377 - SERIALIZED_KEY_LEN= 2400
10378 */
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
    Eurydice_slice private_key, Eurydice_slice public_key,
    Eurydice_slice implicit_rejection_value, uint8_t *serialized) {
  /*
   * Writes, back to back into `serialized`:
   *   private_key | public_key | H(public_key) | implicit_rejection_value
   * NOTE(review): nothing in this function checks that the four lengths fit
   * the buffer behind `serialized`, and whether the subslice macro checks
   * bounds is not visible here. The by-value wrapper of this function
   * passes a 2400-byte buffer.
   */
  size_t offset = (size_t)0U;

  const size_t private_key_len = Eurydice_slice_len(private_key, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(serialized, offset, offset + private_key_len,
                                  uint8_t *),
      private_key, uint8_t);
  offset += private_key_len;

  const size_t public_key_len = Eurydice_slice_len(public_key, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(serialized, offset, offset + public_key_len,
                                  uint8_t *),
      public_key, uint8_t);
  offset += public_key_len;

  /* Hash of the public key, stored so the private key can later be checked
     for internal consistency. */
  Eurydice_slice digest_window = Eurydice_array_to_subslice3(
      serialized, offset, offset + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE,
      uint8_t *);
  uint8_t digest[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(public_key, digest);
  Eurydice_slice_copy(
      digest_window, Eurydice_array_to_slice((size_t)32U, digest, uint8_t),
      uint8_t);
  offset += LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;

  Eurydice_slice_copy(
      Eurydice_array_to_subslice3(
          serialized, offset,
          offset + Eurydice_slice_len(implicit_rejection_value, uint8_t),
          uint8_t *),
      implicit_rejection_value, uint8_t);
}
10420
10421 /**
10422 A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key
10423 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
10424 with const generics
10425 - K= 3
10426 - SERIALIZED_KEY_LEN= 2400
10427 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
    Eurydice_slice private_key, Eurydice_slice public_key,
    Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
  /*
   * By-value flavour of the in-place serializer: assemble the 2400-byte
   * secret key in a zeroed scratch buffer, then copy it to `ret`.
   * NOTE(review): `scratch` then holds the full secret key and is not
   * cleared before returning.
   */
  uint8_t scratch[2400U] = {0U};
  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
      private_key, public_key, implicit_rejection_value, scratch);
  memcpy(ret, scratch, sizeof scratch);
}
10436
10437 /**
10438 Packed API
10439
10440 Generate a key pair.
10441
10442 Depending on the `Vector` and `Hasher` used, this requires different hardware
10443 features
10444 */
10445 /**
10446 A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair
10447 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10448 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
10449 libcrux_ml_kem_variant_MlKem with const generics
10450 - K= 3
10451 - CPA_PRIVATE_KEY_SIZE= 1152
10452 - PRIVATE_KEY_SIZE= 2400
10453 - PUBLIC_KEY_SIZE= 1184
10454 - ETA1= 2
10455 - ETA1_RANDOMNESS_SIZE= 128
10456 */
static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t *randomness) {
  /*
   * `randomness` is read as 64 bytes: the leading seed-sized part drives
   * IND-CPA key generation, the remainder becomes the implicit rejection
   * value stored in the secret key. No randomness is generated here.
   * NOTE(review): `cpa_keypair`, `ind_cpa_private_key`,
   * `secret_key_serialized` and `secret_key_arg` are stack copies of secret
   * key bytes and are not cleared before returning.
   */
  Eurydice_slice cpa_seed = Eurydice_array_to_subslice3(
      randomness, (size_t)0U,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *);
  Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
      (size_t)64U, randomness,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
      size_t, uint8_t[]);

  libcrux_ml_kem_utils_extraction_helper_Keypair768 cpa_keypair =
      libcrux_ml_kem_ind_cpa_generate_keypair_ea(cpa_seed);
  uint8_t ind_cpa_private_key[1152U];
  memcpy(ind_cpa_private_key, cpa_keypair.fst, sizeof ind_cpa_private_key);
  uint8_t public_key[1184U];
  memcpy(public_key, cpa_keypair.snd, sizeof public_key);

  uint8_t secret_key_serialized[2400U];
  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6(
      Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
      Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
      implicit_rejection_value, secret_key_serialized);

  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t secret_key_arg[2400U];
  memcpy(secret_key_arg, secret_key_serialized, sizeof secret_key_arg);
  libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key =
      libcrux_ml_kem_types_from_77_28(secret_key_arg);

  /* Passing arrays by value in Rust generates a copy in C */
  uint8_t public_key_arg[1184U];
  memcpy(public_key_arg, public_key, sizeof public_key_arg);
  return libcrux_ml_kem_types_from_17_74(
      private_key, libcrux_ml_kem_types_from_fd_d0(public_key_arg));
}
10490
10491 /**
10492 Portable generate key pair.
10493 */
10494 /**
10495 A monomorphic instance of
10496 libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
10497 generics
10498 - K= 3
10499 - CPA_PRIVATE_KEY_SIZE= 1152
10500 - PRIVATE_KEY_SIZE= 2400
10501 - PUBLIC_KEY_SIZE= 1184
10502 - ETA1= 2
10503 - ETA1_RANDOMNESS_SIZE= 128
10504 */
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce(
    uint8_t *randomness) {
  /* Portable instantiation: `randomness` is forwarded unchanged to the
     generic IND-CCA key generation and the key pair is returned as-is. */
  return libcrux_ml_kem_ind_cca_generate_keypair_15(randomness);
}
10510
10511 /**
10512 Generate ML-KEM 768 Key Pair
10513 */
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
  /*
   * ML-KEM-768 entry point for key generation. The array bound is
   * documentation only in C: the parameter is a plain pointer, so the caller
   * must really supply 64 bytes. Key generation is fully determined by
   * those bytes; nothing here generates or checks them.
   */
  return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce(
      randomness);
}
10519
10520 /**
10521 Validate an ML-KEM private key.
10522
10523 This implements the Hash check in 7.3 3.
10524 */
10525 /**
10526 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key_only
10527 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
10528 with const generics
10529 - K= 3
10530 - SECRET_KEY_SIZE= 2400
10531 */
static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_only_d6(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
  /*
   * Consistency check on a serialized private key: bytes [1152, 2336) are
   * hashed and compared with the 32 bytes stored at [2336, 2368). Only this
   * hash relation is tested; no other part of the key is examined.
   * NOTE(review): the comparison helper is defined elsewhere, so whether it
   * is constant-time is not visible here.
   */
  const size_t hashed_start = (size_t)384U * (size_t)3U;
  const size_t hashed_end = (size_t)768U * (size_t)3U + (size_t)32U;
  const size_t stored_end = (size_t)768U * (size_t)3U + (size_t)64U;

  uint8_t recomputed[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_subslice3(private_key->value, hashed_start, hashed_end,
                                  uint8_t *),
      recomputed);
  Eurydice_slice expected = Eurydice_array_to_subslice3(
      private_key->value, hashed_end, stored_end, uint8_t *);
  return Eurydice_array_eq_slice((size_t)32U, recomputed, &expected, uint8_t,
                                 bool);
}
10545
10546 /**
10547 Validate an ML-KEM private key.
10548
10549 This implements the Hash check in 7.3 3.
10550 Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE`
10551 and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types.
10552 */
10553 /**
10554 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
10555 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
10556 with const generics
10557 - K= 3
10558 - SECRET_KEY_SIZE= 2400
10559 - CIPHERTEXT_SIZE= 1088
10560 */
static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_37(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
  /* `_ciphertext` is never read: the result is exactly that of the
     private-key-only hash check, so a `true` here says nothing about the
     ciphertext contents. */
  bool hash_matches =
      libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
  return hash_matches;
}
10566
10567 /**
10568 Private key validation
10569 */
10570 /**
10571 A monomorphic instance of
10572 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const
10573 generics
10574 - K= 3
10575 - SECRET_KEY_SIZE= 2400
10576 - CIPHERTEXT_SIZE= 1088
10577 */
static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
  /* Portable instantiation: both pointers are forwarded unchanged to the
     generic private-key validation. */
  bool is_valid =
      libcrux_ml_kem_ind_cca_validate_private_key_37(private_key, ciphertext);
  return is_valid;
}
10585
10586 /**
10587 Validate a private key.
10588
10589 Returns `true` if valid, and `false` otherwise.
10590 */
static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
  /* ML-KEM-768 entry point: returns the result of the portable private-key
     validation unchanged. Callers must act on a `false` result; nothing is
     rejected or aborted here. */
  bool is_valid =
      libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_31(
          private_key, ciphertext);
  return is_valid;
}
10597
10598 /**
10599 Private key validation
10600 */
10601 /**
10602 A monomorphic instance of
10603 libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key_only with
10604 const generics
10605 - K= 3
10606 - SECRET_KEY_SIZE= 2400
10607 */
static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
  /* Portable instantiation of the private-key-only hash check. */
  bool hash_matches =
      libcrux_ml_kem_ind_cca_validate_private_key_only_d6(private_key);
  return hash_matches;
}
10613
10614 /**
10615 Validate the private key only.
10616
10617 Returns `true` if valid, and `false` otherwise.
10618 */
static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key_only(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key) {
  /* ML-KEM-768 entry point: returns the result of the portable
     private-key-only validation unchanged. Callers must act on a `false`
     result; nothing is rejected or aborted here. */
  bool is_valid =
      libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_only_41(
          private_key);
  return is_valid;
}
10624
10625 /**
10626 This function found in impl {core::ops::function::FnMut<(usize),
10627 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
10628 TraitClause@1]> for
10629 libcrux_ml_kem::serialize::deserialize_ring_elements_reduced_out::closure<Vector,
10630 K>[TraitClause@0, TraitClause@1]}
10631 */
10632 /**
10633 A monomorphic instance of
10634 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.call_mut_0b with
10635 types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const
10636 generics
10637 - K= 3
10638 */
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b(
    void **_, size_t tupled_args) {
  /* Extracted closure body: neither argument is read; every call yields
     the zero ring element. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  return zero;
}
10644
10645 /**
10646 This function deserializes ring elements and reduces the result by the field
10647 modulus.
10648
10649 This function MUST NOT be used on secret inputs.
10650 */
10651 /**
10652 A monomorphic instance of
10653 libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
10654 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10655 - K= 3
10656 */
/*
 * Deserialize three ring elements from `public_key` into `ret`.
 *
 * A local array is first filled with ZERO elements, then handed to
 * libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b, and the
 * result is copied out to the caller's array in one piece.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
    Eurydice_slice public_key,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d elements[3U];
  for (size_t idx = (size_t)0U; idx < (size_t)3U; idx++) {
    /* The Rust closure environment has no C lvalue; a null stand-in is passed. */
    void *closure_env = (void *)0U;
    elements[idx] =
        libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b(
            &closure_env, idx);
  }
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(public_key,
                                                                elements);
  /* sizeof elements is 3 * sizeof(one ring element), as in the extracted code. */
  memcpy(ret, elements, sizeof elements);
}
10675
10676 /**
10677 Validate an ML-KEM public key.
10678
10679 This implements the Modulus check in 7.2 2.
10680 Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the
10681 `public_key` type.
10682 */
10683 /**
10684 A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
10685 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10686 with const generics
10687 - K= 3
10688 - PUBLIC_KEY_SIZE= 1184
10689 */
/*
 * Modulus check for a 1184-byte ML-KEM-768 public key, done as a round trip:
 * the leading ring-element bytes are deserialized with reduction, the key is
 * re-serialized together with the untouched trailing bytes, and the result is
 * compared with the input. A key whose encoding changes under the round trip
 * is rejected.
 *
 * The comparison operands are public-key bytes only. Eurydice_array_eq is not
 * defined in this part of the file; a variable-time comparison would not
 * expose secret data here.
 */
static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_89(
    uint8_t *public_key) {
  /* Bytes [0, ranked_bytes_per_ring_element(3)) carry the ring elements. */
  Eurydice_slice element_bytes = Eurydice_array_to_subslice_to(
      (size_t)1184U, public_key,
      libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U),
      uint8_t, size_t, uint8_t[]);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d decoded[3U];
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b(
      element_bytes, decoded);

  /* The remaining bytes are passed through to the serializer unchanged. */
  Eurydice_slice trailing_bytes = Eurydice_array_to_subslice_from(
      (size_t)1184U, public_key,
      libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U),
      uint8_t, size_t, uint8_t[]);
  uint8_t reencoded[1184U];
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(decoded, trailing_bytes,
                                                 reencoded);

  const bool unchanged =
      Eurydice_array_eq((size_t)1184U, public_key, reencoded, uint8_t);
  return unchanged;
}
10711
10712 /**
10713 Public key validation
10714 */
10715 /**
10716 A monomorphic instance of
10717 libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
10718 generics
10719 - K= 3
10720 - PUBLIC_KEY_SIZE= 1184
10721 */
/*
 * Portable-backend entry point for public-key validation; the verdict of
 * libcrux_ml_kem_ind_cca_validate_public_key_89 is returned unchanged.
 */
static KRML_MUSTINLINE bool
libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41(
    uint8_t *public_key) {
  const bool key_ok = libcrux_ml_kem_ind_cca_validate_public_key_89(public_key);
  return key_ok;
}
10727
10728 /**
10729 Validate a public key.
10730
10731 Returns `true` if valid, and `false` otherwise.
10732 */
/*
 * Public ML-KEM-768 wrapper: unwraps the byte array held in `public_key` and
 * passes it to the portable instantiation, returning its result as-is.
 */
static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) {
  const bool key_ok =
      libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41(
          public_key->value);
  return key_ok;
}
10738
10739 /**
10740 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked
10741 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
10742 with const generics
10743 - $3size_t
10744 */
/* Unpacked public key: the IND-CPA public key plus a stored hash of it. */
struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key;
  /* 32-byte hash of the serialized public key; read back during decapsulation. */
  uint8_t public_key_hash[32U];
};

typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0;

/* ML-KEM-768 name for the same type. */
typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked;
10752
10753 /**
10754 A monomorphic instance of
10755 libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types
10756 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
10757 - $3size_t
10758 */
/* Unpacked private key: the IND-CPA private key plus the rejection secret. */
struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s {
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0
      ind_cpa_private_key;
  /* 32 secret bytes; input to the PRF that derives the rejection secret. */
  uint8_t implicit_rejection_value[32U];
};

typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s
    libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0;

/* Unpacked key pair: private half first, public half second. */
struct libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key;
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key;
};

typedef struct
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s
        libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked;
10770
10771 /**
10772 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate
10773 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10774 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10775 generics
10776 - K= 3
10777 - SECRET_KEY_SIZE= 2400
10778 - CPA_SECRET_KEY_SIZE= 1152
10779 - PUBLIC_KEY_SIZE= 1184
10780 - CIPHERTEXT_SIZE= 1088
10781 - T_AS_NTT_ENCODED_SIZE= 1152
10782 - C1_SIZE= 960
10783 - C2_SIZE= 128
10784 - VECTOR_U_COMPRESSION_FACTOR= 10
10785 - VECTOR_V_COMPRESSION_FACTOR= 4
10786 - C1_BLOCK_SIZE= 320
10787 - ETA1= 2
10788 - ETA1_RANDOMNESS_SIZE= 128
10789 - ETA2= 2
10790 - ETA2_RANDOMNESS_SIZE= 128
10791 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
10792 */
/*
 * ML-KEM-768 decapsulation on an unpacked key pair, with implicit rejection.
 *
 * Two candidate outputs are always computed: the shared secret derived from
 * the decrypted message, and a rejection secret derived from the key's
 * implicit_rejection_value and the received ciphertext. The ciphertext is
 * re-encrypted and compared with the received one, and the
 * constant_time_ops helpers pick which candidate is written to `ret`; this
 * function itself never branches on the comparison result.
 *
 * NOTE(review): recovered_msg, g_output, prf_input, rejection_secret and
 * chosen hold key-dependent bytes and are not cleared before this function
 * returns. Confirm whether the caller's threat model requires wiping.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
  /* IND-CPA decryption of the received ciphertext. */
  uint8_t recovered_msg[32U];
  libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(
      &key_pair->private_key.ind_cpa_private_key, ciphertext->value,
      recovered_msg);

  /* G input: the message, then the stored public-key hash written from
     offset LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE onward. */
  uint8_t g_input[64U];
  libcrux_ml_kem_utils_into_padded_array_24(
      Eurydice_array_to_slice((size_t)32U, recovered_msg, uint8_t), g_input);
  Eurydice_slice g_input_tail = Eurydice_array_to_subslice_from(
      (size_t)64U, g_input, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
      uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(
      g_input_tail,
      Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash,
                              uint8_t),
      uint8_t);

  /* G output splits into the candidate shared secret and the encryption
     randomness used for the re-encryption below. */
  uint8_t g_output[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, g_input, uint8_t), g_output);
  Eurydice_slice_uint8_t_x2 g_halves = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, g_output, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice shared_secret = g_halves.fst;
  Eurydice_slice pseudorandomness = g_halves.snd;

  /* PRF input: implicit_rejection_value, then the received ciphertext. */
  uint8_t prf_input[1120U];
  libcrux_ml_kem_utils_into_padded_array_15(
      Eurydice_array_to_slice(
          (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
      prf_input);
  Eurydice_slice prf_input_tail = Eurydice_array_to_subslice_from(
      (size_t)1120U, prf_input, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
      uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(prf_input_tail,
                      libcrux_ml_kem_types_as_ref_d3_80(ciphertext), uint8_t);
  uint8_t rejection_secret[32U];
  libcrux_ml_kem_hash_functions_portable_PRF_4a_41(
      Eurydice_array_to_slice((size_t)1120U, prf_input, uint8_t),
      rejection_secret);

  /* Re-encrypt the recovered message under the public key. */
  uint8_t reencrypted[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(
      &key_pair->public_key.ind_cpa_public_key, recovered_msg,
      pseudorandomness, reencrypted);

  /* The selector's encoding is defined by the constant-time helpers. */
  uint8_t selector =
      libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
          libcrux_ml_kem_types_as_ref_d3_80(ciphertext),
          Eurydice_array_to_slice((size_t)1088U, reencrypted, uint8_t));
  uint8_t chosen[32U];
  libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
      shared_secret,
      Eurydice_array_to_slice((size_t)32U, rejection_secret, uint8_t),
      selector, chosen);
  memcpy(ret, chosen, sizeof chosen);
}
10849
10850 /**
10851 Unpacked decapsulate
10852 */
10853 /**
10854 A monomorphic instance of
10855 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.decapsulate with const
10856 generics
10857 - K= 3
10858 - SECRET_KEY_SIZE= 2400
10859 - CPA_SECRET_KEY_SIZE= 1152
10860 - PUBLIC_KEY_SIZE= 1184
10861 - CIPHERTEXT_SIZE= 1088
10862 - T_AS_NTT_ENCODED_SIZE= 1152
10863 - C1_SIZE= 960
10864 - C2_SIZE= 128
10865 - VECTOR_U_COMPRESSION_FACTOR= 10
10866 - VECTOR_V_COMPRESSION_FACTOR= 4
10867 - C1_BLOCK_SIZE= 320
10868 - ETA1= 2
10869 - ETA1_RANDOMNESS_SIZE= 128
10870 - ETA2= 2
10871 - ETA2_RANDOMNESS_SIZE= 128
10872 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
10873 */
/*
 * Portable-backend entry point for unpacked decapsulation. All three
 * arguments are forwarded untouched; the 32-byte result is written to `ret`
 * by the callee.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext,
    uint8_t ret[32U]) {
  libcrux_ml_kem_ind_cca_unpacked_decapsulate_51(key_pair, ciphertext, ret);
}
10880
10881 /**
10882 Decapsulate ML-KEM 768 (unpacked)
10883
10884 Generates an [`MlKemSharedSecret`].
10885 The input is a reference to an unpacked key pair of type
10886 [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`].
10887 */
/*
 * Public ML-KEM-768 wrapper for unpacked decapsulation. Despite its name,
 * `private_key` is the whole unpacked key pair; it is forwarded together
 * with `ciphertext` and the 32-byte output buffer `ret`.
 */
static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *private_key,
    libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext,
    uint8_t ret[32U]) {
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_35(
      private_key, ciphertext, ret);
}
10895
10896 /**
10897 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encaps_prepare
10898 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
10899 with const generics
10900 - K= 3
10901 */
/*
 * Build the 64-byte G input for encapsulation and hash it into `ret`.
 *
 * `randomness` is padded into a 64-byte buffer, `pk_hash` is copied in from
 * offset LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE onward, and the buffer is
 * passed through libcrux_ml_kem_hash_functions_portable_G_4a_e0.
 */
static inline void libcrux_ml_kem_ind_cca_unpacked_encaps_prepare_9c(
    Eurydice_slice randomness, Eurydice_slice pk_hash, uint8_t ret[64U]) {
  uint8_t g_input[64U];
  libcrux_ml_kem_utils_into_padded_array_24(randomness, g_input);

  Eurydice_slice g_input_tail = Eurydice_array_to_subslice_from(
      (size_t)64U, g_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
      size_t, uint8_t[]);
  Eurydice_slice_copy(g_input_tail, pk_hash, uint8_t);

  uint8_t g_output[64U];
  libcrux_ml_kem_hash_functions_portable_G_4a_e0(
      Eurydice_array_to_slice((size_t)64U, g_input, uint8_t), g_output);
  memcpy(ret, g_output, sizeof g_output);
}
10916
10917 /**
10918 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate
10919 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
10920 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const
10921 generics
10922 - K= 3
10923 - CIPHERTEXT_SIZE= 1088
10924 - PUBLIC_KEY_SIZE= 1184
10925 - T_AS_NTT_ENCODED_SIZE= 1152
10926 - C1_SIZE= 960
10927 - C2_SIZE= 128
10928 - VECTOR_U_COMPRESSION_FACTOR= 10
10929 - VECTOR_V_COMPRESSION_FACTOR= 4
10930 - VECTOR_U_BLOCK_LEN= 320
10931 - ETA1= 2
10932 - ETA1_RANDOMNESS_SIZE= 128
10933 - ETA2= 2
10934 - ETA2_RANDOMNESS_SIZE= 128
10935 */
/*
 * ML-KEM-768 encapsulation against an unpacked public key.
 *
 * Reads 32 bytes from `randomness` and returns the ciphertext in `.fst` and
 * the 32-byte shared secret in `.snd`. No other entropy source is used in
 * this function, so the output is fully determined by `public_key` and
 * `randomness`; supplying unpredictable bytes is the caller's job.
 *
 * NOTE(review): the shared secret passes through several stack buffers
 * (g_output, secret_bytes, secret_copy) that are not cleared here.
 */
static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    uint8_t *randomness) {
  /* Hash the randomness together with the stored public-key hash. */
  uint8_t g_output[64U];
  libcrux_ml_kem_ind_cca_unpacked_encaps_prepare_9c(
      Eurydice_array_to_slice((size_t)32U, randomness, uint8_t),
      Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash,
                              uint8_t),
      g_output);
  Eurydice_slice_uint8_t_x2 g_halves = Eurydice_slice_split_at(
      Eurydice_array_to_slice((size_t)64U, g_output, uint8_t),
      LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
      Eurydice_slice_uint8_t_x2);
  Eurydice_slice shared_secret = g_halves.fst;
  Eurydice_slice pseudorandomness = g_halves.snd;

  /* IND-CPA encryption of the randomness under the second half of G. */
  uint8_t encrypted[1088U];
  libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(&public_key->ind_cpa_public_key,
                                             randomness, pseudorandomness,
                                             encrypted);

  uint8_t secret_bytes[32U] = {0U};
  Eurydice_slice_copy(
      Eurydice_array_to_slice((size_t)32U, secret_bytes, uint8_t),
      shared_secret, uint8_t);

  /* Rust passes arrays by value; the extraction models that with copies. */
  uint8_t encrypted_copy[1088U];
  memcpy(encrypted_copy, encrypted, sizeof encrypted_copy);
  libcrux_ml_kem_mlkem768_MlKem768Ciphertext wrapped_ciphertext =
      libcrux_ml_kem_types_from_e0_80(encrypted_copy);
  uint8_t secret_copy[32U];
  memcpy(secret_copy, secret_bytes, sizeof secret_copy);

  tuple_c2 result;
  result.fst = wrapped_ciphertext;
  memcpy(result.snd, secret_copy, sizeof secret_copy);
  return result;
}
10973
10974 /**
10975 Unpacked encapsulate
10976 */
10977 /**
10978 A monomorphic instance of
10979 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.encapsulate with const
10980 generics
10981 - K= 3
10982 - CIPHERTEXT_SIZE= 1088
10983 - PUBLIC_KEY_SIZE= 1184
10984 - T_AS_NTT_ENCODED_SIZE= 1152
10985 - C1_SIZE= 960
10986 - C2_SIZE= 128
10987 - VECTOR_U_COMPRESSION_FACTOR= 10
10988 - VECTOR_V_COMPRESSION_FACTOR= 4
10989 - VECTOR_U_BLOCK_LEN= 320
10990 - ETA1= 2
10991 - ETA1_RANDOMNESS_SIZE= 128
10992 - ETA2= 2
10993 - ETA2_RANDOMNESS_SIZE= 128
10994 */
/*
 * Portable-backend entry point for unpacked encapsulation; the
 * (ciphertext, shared secret) pair produced by
 * libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c is returned unchanged.
 */
static KRML_MUSTINLINE tuple_c2
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    uint8_t *randomness) {
  tuple_c2 encapsulation =
      libcrux_ml_kem_ind_cca_unpacked_encapsulate_0c(public_key, randomness);
  return encapsulation;
}
11001
11002 /**
11003 Encapsulate ML-KEM 768 (unpacked)
11004
11005 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
11006 The input is a reference to an unpacked public key of type
11007 [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
11008 [`SHARED_SECRET_SIZE`] bytes of `randomness`.
11009 */
/*
 * Public ML-KEM-768 wrapper for unpacked encapsulation. `randomness` is
 * declared as a 32-byte array and is forwarded by pointer, without a copy.
 */
static inline tuple_c2 libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    uint8_t randomness[32U]) {
  tuple_c2 encapsulation =
      libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_cd(
          public_key, randomness);
  return encapsulation;
}
11016
11017 /**
11018 This function found in impl {core::ops::function::FnMut<(usize),
11019 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
11020 TraitClause@1]> for
11021 libcrux_ml_kem::ind_cca::unpacked::transpose_a::closure::closure<Vector,
11022 K>[TraitClause@0, TraitClause@1]}
11023 */
11024 /**
11025 A monomorphic instance of
11026 libcrux_ml_kem.ind_cca.unpacked.transpose_a.closure.call_mut_b4 with types
11027 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
11028 - K= 3
11029 */
/*
 * Inner array-initialiser closure of transpose_a. Neither argument is read;
 * every call returns the value of libcrux_ml_kem_polynomial_ZERO_d6_ea().
 */
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_call_mut_b4_1b(
    void **_, size_t tupled_args) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d zero_element =
      libcrux_ml_kem_polynomial_ZERO_d6_ea();
  return zero_element;
}
11035
11036 /**
11037 This function found in impl {core::ops::function::FnMut<(usize),
11038 @Array<libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
11039 TraitClause@1], K>> for
11040 libcrux_ml_kem::ind_cca::unpacked::transpose_a::closure<Vector,
11041 K>[TraitClause@0, TraitClause@1]}
11042 */
11043 /**
11044 A monomorphic instance of
11045 libcrux_ml_kem.ind_cca.unpacked.transpose_a.call_mut_7b with types
11046 libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
11047 - K= 3
11048 */
/*
 * Outer array-initialiser closure of transpose_a: fills one three-element
 * row `ret` with the value produced by the inner closure. The first two
 * parameters are not read.
 */
static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_call_mut_7b_1b(
    void **_, size_t tupled_args,
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) {
  for (size_t col = (size_t)0U; col < (size_t)3U; col++) {
    /* The Rust closure environment has no C lvalue; a null stand-in is passed. */
    void *closure_env = (void *)0U;
    ret[col] =
        libcrux_ml_kem_ind_cca_unpacked_transpose_a_closure_call_mut_b4_1b(
            &closure_env, col);
  }
}
11059
11060 /**
11061 This function found in impl {core::clone::Clone for
11062 libcrux_ml_kem::polynomial::PolynomialRingElement<Vector>[TraitClause@0,
11063 TraitClause@2]}
11064 */
11065 /**
11066 A monomorphic instance of libcrux_ml_kem.polynomial.clone_c1
11067 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11068 with const generics
11069
11070 */
/*
 * Return a by-value copy of `*self`: the 16 coefficient vectors are cloned
 * into a scratch array and then copied into the returned element.
 */
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d
libcrux_ml_kem_polynomial_clone_c1_ea(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) {
  libcrux_ml_kem_vector_portable_vector_type_PortableVector cloned[16U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)16U, self->coefficients, cloned,
      libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *);

  libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy;
  /* sizeof cloned is 16 * sizeof(one vector), as in the extracted code. */
  memcpy(copy.coefficients, cloned, sizeof cloned);
  return copy;
}
11084
11085 /**
11086 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.transpose_a
11087 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11088 with const generics
11089 - K= 3
11090 */
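/*
 * Write the transpose of the 3x3 matrix `ind_cpa_a` into `ret`.
 *
 * The result is assembled in a local matrix and copied out at the end, so
 * the function also behaves correctly if `ret` and `ind_cpa_a` refer to the
 * same storage.
 *
 * The extracted code also made a full scratch copy of the local matrix on
 * every outer iteration (`_a_i`) and never read it. That dead copy is
 * omitted here; the values written to `ret` are the same.
 */
static inline void libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ind_cpa_a[3U][3U],
    libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U][3U]) {
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d transposed[3U][3U];

  /* Give every cell a defined value before the real entries are written. */
  for (size_t row = (size_t)0U; row < (size_t)3U; row++) {
    /* The Rust closure environment has no C lvalue; a null stand-in is passed. */
    void *closure_env = (void *)0U;
    libcrux_ml_kem_ind_cca_unpacked_transpose_a_call_mut_7b_1b(
        &closure_env, row, transposed[row]);
  }

  /* transposed[row][col] takes the element at [col][row] of the input. */
  for (size_t row = (size_t)0U; row < (size_t)3U; row++) {
    for (size_t col = (size_t)0U; col < (size_t)3U; col++) {
      transposed[row][col] =
          libcrux_ml_kem_polynomial_clone_c1_ea(&ind_cpa_a[col][row]);
    }
  }

  memcpy(ret, transposed,
         (size_t)3U *
             sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]));
}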
11118
11119 /**
11120 Generate Unpacked Keys
11121 */
11122 /**
11123 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair
11124 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector,
11125 libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
11126 libcrux_ml_kem_variant_MlKem with const generics
11127 - K= 3
11128 - CPA_PRIVATE_KEY_SIZE= 1152
11129 - PRIVATE_KEY_SIZE= 2400
11130 - PUBLIC_KEY_SIZE= 1184
11131 - ETA1= 2
11132 - ETA1_RANDOMNESS_SIZE= 128
11133 */
/*
 * Derive an unpacked ML-KEM-768 key pair from 64 bytes of `randomness` and
 * store it in `*out`.
 *
 * The first LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE bytes
 * seed IND-CPA key generation; the remaining bytes become the 32-byte
 * implicit_rejection_value. The generated matrix A is stored transposed, and
 * the hash of the serialized public key is stored in public_key_hash.
 *
 * `randomness` is only read. Everything in `*out` derives from it, so the
 * caller must supply unpredictable bytes and treat them as secret.
 */
static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(
    uint8_t randomness[64U],
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
  Eurydice_slice cpa_seed = Eurydice_array_to_subslice3(
      randomness, (size_t)0U,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *);
  Eurydice_slice rejection_seed = Eurydice_array_to_subslice_from(
      (size_t)64U, randomness,
      LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
      size_t, uint8_t[]);

  libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c(
      cpa_seed, &out->private_key.ind_cpa_private_key,
      &out->public_key.ind_cpa_public_key);

  /* Replace A with its transpose, going through by-value staging copies. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d generated_a[3U][3U];
  memcpy(generated_a, out->public_key.ind_cpa_public_key.A,
         sizeof generated_a);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d transposed_a[3U][3U];
  libcrux_ml_kem_ind_cca_unpacked_transpose_a_1b(generated_a, transposed_a);
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d staged_a[3U][3U];
  memcpy(staged_a, transposed_a, sizeof staged_a);
  memcpy(out->public_key.ind_cpa_public_key.A, staged_a, sizeof staged_a);

  /* Hash the serialized public key (t_as_ntt followed by seed_for_A). */
  uint8_t pk_serialized[1184U];
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(
      out->public_key.ind_cpa_public_key.t_as_ntt,
      Eurydice_array_to_slice(
          (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
      pk_serialized);
  uint8_t pk_digest[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t),
      pk_digest);
  memcpy(out->public_key.public_key_hash, pk_digest, sizeof pk_digest);

  /* Slice-to-array conversion; unwrap_26_b3 presumably aborts on a length
     mismatch (not shown here). */
  uint8_t rejection_bytes[32U];
  Result_fb conversion;
  Eurydice_slice_to_array2(&conversion, rejection_seed, Eurydice_slice,
                           uint8_t[32U], TryFromSliceError);
  unwrap_26_b3(conversion, rejection_bytes);
  memcpy(out->private_key.implicit_rejection_value, rejection_bytes,
         sizeof rejection_bytes);
}
11179
11180 /**
11181 Generate a key pair
11182 */
11183 /**
11184 A monomorphic instance of
11185 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with
11186 const generics
11187 - K= 3
11188 - CPA_PRIVATE_KEY_SIZE= 1152
11189 - PRIVATE_KEY_SIZE= 2400
11190 - PUBLIC_KEY_SIZE= 1184
11191 - ETA1= 2
11192 - ETA1_RANDOMNESS_SIZE= 128
11193 */
/*
 * Portable-backend entry point for unpacked key generation.
 *
 * The 64-byte seed is copied to a local buffer first, because Rust passes
 * the array by value. The local copy is not cleared afterwards.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ce(
    uint8_t randomness[64U],
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
  uint8_t seed_copy[64U];
  memcpy(seed_copy, randomness, sizeof seed_copy);
  libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(seed_copy, out);
}
11203
11204 /**
11205 Generate ML-KEM 768 Key Pair in "unpacked" form.
11206 */
/*
 * Fill the caller-provided `*key_pair` from 64 bytes of `randomness`.
 *
 * The seed is copied to a local buffer before the call, because Rust passes
 * the array by value. The local copy is not cleared afterwards.
 */
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(
    uint8_t randomness[64U],
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  uint8_t seed_copy[64U];
  memcpy(seed_copy, randomness, sizeof seed_copy);
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ce(
      seed_copy, key_pair);
}
11218
11219 /**
11220 This function found in impl {core::default::Default for
11221 libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
11222 K>[TraitClause@0, TraitClause@1]}
11223 */
11224 /**
11225 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_30
11226 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11227 with const generics
11228 - K= 3
11229 */
/*
 * Default unpacked public key: the default IND-CPA public key and an
 * all-zero public_key_hash.
 */
static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cca_unpacked_default_30_1b(void) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 blank_public = {
      .ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(),
      .public_key_hash = {0U}};
  return blank_public;
}
11237
11238 /**
11239 This function found in impl {core::default::Default for
11240 libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
11241 K>[TraitClause@0, TraitClause@1]}
11242 */
11243 /**
11244 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_7b
11245 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11246 with const generics
11247 - K= 3
11248 */
/*
 * Default unpacked key pair: the default IND-CPA private key with an
 * all-zero implicit_rejection_value, and the default unpacked public key.
 * The private half is built first, as in the extracted code.
 */
static KRML_MUSTINLINE
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
    libcrux_ml_kem_ind_cca_unpacked_default_7b_1b(void) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 blank_private = {
      .ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(),
      .implicit_rejection_value = {0U}};
  libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
      blank_pair = {
          .private_key = blank_private,
          .public_key = libcrux_ml_kem_ind_cca_unpacked_default_30_1b()};
  return blank_pair;
}
11260
11261 /**
11262 Generate ML-KEM 768 Key Pair in "unpacked" form.
11263 */
/*
 * Generate an unpacked ML-KEM-768 key pair from 64 bytes of `randomness`
 * and return it by value.
 *
 * The returned struct contains the private key, and a copy of the seed
 * stays in a local buffer that is not cleared; both are left to the caller
 * and the surrounding code to manage.
 */
static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
    uint8_t randomness[64U]) {
  libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked generated =
      libcrux_ml_kem_ind_cca_unpacked_default_7b_1b();
  uint8_t seed_copy[64U];
  memcpy(seed_copy, randomness, sizeof seed_copy);
  libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair_mut(seed_copy,
                                                                  &generated);
  return generated;
}
11275
11276 /**
11277 Create a new, empty unpacked key.
11278 */
/*
 * Return the default key pair built by
 * libcrux_ml_kem_ind_cca_unpacked_default_7b_1b. It holds no generated key
 * material and is meant to be filled in by a later call.
 */
static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
  libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
      blank_pair = libcrux_ml_kem_ind_cca_unpacked_default_7b_1b();
  return blank_pair;
}
11283
11284 /**
11285 Create a new, empty unpacked public key.
11286 */
/*
 * Return the default unpacked public key built by
 * libcrux_ml_kem_ind_cca_unpacked_default_30_1b.
 */
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 blank_public =
      libcrux_ml_kem_ind_cca_unpacked_default_30_1b();
  return blank_public;
}
11291
11292 /**
11293 Take a serialized private key and generate an unpacked key pair from it.
11294 */
11295 /**
11296 A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.keys_from_private_key
11297 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
11298 with const generics
11299 - K= 3
11300 - SECRET_KEY_SIZE= 2400
11301 - CPA_SECRET_KEY_SIZE= 1152
11302 - PUBLIC_KEY_SIZE= 1184
11303 - T_AS_NTT_ENCODED_SIZE= 1152
11304 */
/*
 * Rebuild an unpacked key pair from a serialized 2400-byte private key.
 *
 * The serialized key is split into four slices: IND-CPA secret key, IND-CPA
 * public key, public-key hash, and implicit rejection value. Each is
 * decoded or copied into the matching field of `*key_pair`.
 *
 * The stored public-key hash is copied as found. It is not recomputed from
 * the embedded public key in this function, and no other consistency check
 * is visible here. For key material from an untrusted source, run the
 * private-key validation routine before this conversion.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  Eurydice_slice_uint8_t_x4 parts = libcrux_ml_kem_types_unpack_private_key_b4(
      Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t));
  Eurydice_slice cpa_secret_bytes = parts.fst;
  Eurydice_slice cpa_public_bytes = parts.snd;
  Eurydice_slice stored_pk_hash = parts.thd;
  Eurydice_slice rejection_bytes = parts.f3;

  /* Secret vector and unpacked public key. */
  libcrux_ml_kem_ind_cpa_deserialize_vector_1b(
      cpa_secret_bytes,
      key_pair->private_key.ind_cpa_private_key.secret_as_ntt);
  libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(
      cpa_public_bytes, &key_pair->public_key.ind_cpa_public_key);

  /* Hash and rejection value are copied verbatim from the serialized key. */
  Eurydice_slice_copy(
      Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash,
                              uint8_t),
      stored_pk_hash, uint8_t);
  Eurydice_slice_copy(
      Eurydice_array_to_slice(
          (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t),
      rejection_bytes, uint8_t);

  /* seed_for_A is the part of the public-key bytes from offset 1152 onward. */
  Eurydice_slice seed_bytes = Eurydice_slice_subslice_from(
      cpa_public_bytes, (size_t)1152U, uint8_t, size_t, uint8_t[]);
  Eurydice_slice_copy(
      Eurydice_array_to_slice(
          (size_t)32U, key_pair->public_key.ind_cpa_public_key.seed_for_A,
          uint8_t),
      seed_bytes, uint8_t);
}
11338
11339 /**
11340 Take a serialized private key and generate an unpacked key pair from it.
11341 */
11342 /**
11343 A monomorphic instance of
11344 libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.keypair_from_private_key
11345 with const generics
11346 - K= 3
11347 - SECRET_KEY_SIZE= 2400
11348 - CPA_SECRET_KEY_SIZE= 1152
11349 - PUBLIC_KEY_SIZE= 1184
11350 - T_AS_NTT_ENCODED_SIZE= 1152
11351 */
/*
 * Portable-backend entry point: forwards both pointers to
 * libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42 and adds no
 * validation of its own.
 */
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_fd(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  libcrux_ml_kem_ind_cca_unpacked_keys_from_private_key_42(private_key,
                                                           key_pair);
}
11360
/**
Get an unpacked key from a private key.

Entry point for ML-KEM-768: fills *key_pair from the serialized *private_key
by calling the portable instantiation
(..._unpacked_keypair_from_private_key_fd). The output is written in place;
nothing is returned, so no failure can be reported to the caller.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_from_private_mut(
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key,
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_keypair_from_private_key_fd(
      private_key, key_pair);
}
11372
/**
Serialize the private key of an unpacked key pair into *serialized.

This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_mut_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- CPA_PRIVATE_KEY_SIZE= 1152
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184

The IND-CPA key pair is serialized first (1152-byte private part, 1184-byte
public part); both parts are then combined with the 32-byte implicit
rejection value and written to serialized->value.

NOTE(review): cpa_keys and cpa_sk_bytes hold private-key bytes on the stack
and are not cleared before this function returns. If memory disclosure is in
scope for the caller's threat model, confirm whether these temporaries should
be wiped.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
  uint8_t cpa_sk_bytes[1152U];
  uint8_t cpa_pk_bytes[1184U];
  libcrux_ml_kem_utils_extraction_helper_Keypair768 cpa_keys =
      libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(
          &self->public_key.ind_cpa_public_key,
          &self->private_key.ind_cpa_private_key);
  /* Copy both halves of the returned pair into local arrays. */
  memcpy(cpa_sk_bytes, cpa_keys.fst, sizeof cpa_sk_bytes);
  memcpy(cpa_pk_bytes, cpa_keys.snd, sizeof cpa_pk_bytes);
  libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6(
      Eurydice_array_to_slice((size_t)1152U, cpa_sk_bytes, uint8_t),
      Eurydice_array_to_slice((size_t)1184U, cpa_pk_bytes, uint8_t),
      Eurydice_array_to_slice(
          (size_t)32U, self->private_key.implicit_rejection_value, uint8_t),
      serialized->value);
}
11406
/**
Return the serialized private key of an unpacked key pair by value.

This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_private_key_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- CPA_PRIVATE_KEY_SIZE= 1152
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184

Starts from the value returned by libcrux_ml_kem_types_default_d3_28 and lets
the _mut variant overwrite it. The result is private-key material returned by
value, so the caller owns a copy and is responsible for clearing it.
*/
static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
  libcrux_ml_kem_types_MlKemPrivateKey_d9 encoded_sk =
      libcrux_ml_kem_types_default_d3_28();
  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(
      self, &encoded_sk);
  return encoded_sk;
}
11429
/**
Get the serialized private key.

ML-KEM-768 entry point; returns, by value, whatever
libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43 produces for
*key_pair. The returned object is private-key material: the caller holds its
own copy and should clear it once it is no longer needed.
*/
static inline libcrux_ml_kem_types_MlKemPrivateKey_d9
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  return libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_11_43(
      key_pair);
}
11439
/**
Get the serialized private key.

In-place variant: the serialized private key of *key_pair is written into
*serialized instead of being returned by value. Both pointers are forwarded
to libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43 without a
NULL check.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_private_key_mut(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_types_MlKemPrivateKey_d9 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_private_key_mut_11_43(key_pair,
                                                                   serialized);
}
11450
/**
Serialize an unpacked public key and return it by value.

This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_dd
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

The encoding is produced from t_as_ntt and the 32-byte seed_for_A into a
1184-byte local buffer, which libcrux_ml_kem_types_from_fd_d0 then turns into
the returned public-key value.
*/
static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
libcrux_ml_kem_ind_cca_unpacked_serialized_dd_89(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
  uint8_t encoded_pk[1184U];
  libcrux_ml_kem_ind_cpa_serialize_public_key_89(
      self->ind_cpa_public_key.t_as_ntt,
      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                              uint8_t),
      encoded_pk);
  return libcrux_ml_kem_types_from_fd_d0(encoded_pk);
}
11474
/**
Serialize the public half of an unpacked key pair and return it by value.

This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

Only self->public_key is read; the private half of the pair is not touched.
*/
static KRML_MUSTINLINE libcrux_ml_kem_types_MlKemPublicKey_30
libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
  libcrux_ml_kem_types_MlKemPublicKey_30 encoded =
      libcrux_ml_kem_ind_cca_unpacked_serialized_dd_89(&self->public_key);
  return encoded;
}
11492
/**
Get the serialized public key.

ML-KEM-768 entry point; returns by value the result of
libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89 for *key_pair.
*/
static inline libcrux_ml_kem_types_MlKemPublicKey_30
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
        *key_pair) {
  libcrux_ml_kem_types_MlKemPublicKey_30 encoded =
      libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_11_89(key_pair);
  return encoded;
}
11502
/**
Serialize an unpacked public key into *serialized.

This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.serialized_mut_dd
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

In-place counterpart of the by-value serializer: the encoding of t_as_ntt and
the 32-byte seed_for_A is written directly to serialized->value.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(
      self->ind_cpa_public_key.t_as_ntt,
      Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
                              uint8_t),
      serialized->value);
}
11525
/**
Serialize the public half of an unpacked key pair into *serialized.

This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of
libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_11 with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- PUBLIC_KEY_SIZE= 1184

Passes &self->public_key and the output pointer on to
libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_11_89(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(&self->public_key,
                                                       serialized);
}
11545
/**
Get the serialized public key.

In-place ML-KEM-768 entry point: the serialized public key of *key_pair is
written into *serialized. Both pointers are forwarded without a NULL check.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key_mut(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_11_89(key_pair,
                                                                  serialized);
}
11556
/**
Return a copy of an unpacked IND-CPA public key.

This function found in impl {core::clone::Clone for
libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@2]}

A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_91
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

Each of the three members (t_as_ntt, seed_for_A, A) is cloned into a local
array and then copied into the returned struct; *self is only read.
*/
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b(
    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) {
  /* t_as_ntt: 3 ring elements. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_copy[3U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)3U, self->t_as_ntt, t_copy,
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d, void *);
  /* seed_for_A: 32 bytes. */
  uint8_t seed_copy[32U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)32U, self->seed_for_A, seed_copy, uint8_t, void *);
  libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 cloned;
  memcpy(cloned.t_as_ntt, t_copy, sizeof t_copy);
  memcpy(cloned.seed_for_A, seed_copy, sizeof seed_copy);
  /* A: 3 x 3 ring elements. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d matrix_copy[3U][3U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)3U, self->A, matrix_copy,
      libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U], void *);
  memcpy(cloned.A, matrix_copy, sizeof matrix_copy);
  return cloned;
}
11592
/**
Return a copy of an unpacked ML-KEM public key.

This function found in impl {core::clone::Clone for
libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked<Vector,
K>[TraitClause@0, TraitClause@2]}

A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_d7
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

The IND-CPA part is cloned with libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b
and the 32-byte public_key_hash is copied alongside it; *self is only read.
*/
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
libcrux_ml_kem_ind_cca_unpacked_clone_d7_1b(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 cloned;
  cloned.ind_cpa_public_key =
      libcrux_ml_kem_ind_cpa_unpacked_clone_91_1b(&self->ind_cpa_public_key);
  uint8_t hash_copy[32U];
  core_array__core__clone__Clone_for__Array_T__N___clone(
      (size_t)32U, self->public_key_hash, hash_copy, uint8_t, void *);
  memcpy(cloned.public_key_hash, hash_copy, sizeof hash_copy);
  return cloned;
}
11616
/**
Borrow the public key stored inside an unpacked key pair.

This function found in impl
{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked<Vector,
K>[TraitClause@0, TraitClause@1]}

A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_11
with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3

The returned pointer aliases self->public_key; no copy is made, so it is only
valid for as long as *self is.
*/
static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
libcrux_ml_kem_ind_cca_unpacked_public_key_11_1b(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *borrowed =
      &self->public_key;
  return borrowed;
}
11633
/**
Get the unpacked public key.

Clones the public key held in *key_pair and stores the clone in *pk, so the
caller's copy does not alias the key pair afterwards.
*/
static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
    libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *stored =
      libcrux_ml_kem_ind_cca_unpacked_public_key_11_1b(key_pair);
  libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 cloned =
      libcrux_ml_kem_ind_cca_unpacked_clone_d7_1b(stored);
  *pk = cloned;
}
11645
/**
Get the serialized public key.

Takes a standalone unpacked public key (not a key pair) and writes its
serialized form into *serialized via
libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
    libcrux_ml_kem_types_MlKemPublicKey_30 *serialized) {
  libcrux_ml_kem_ind_cca_unpacked_serialized_mut_dd_89(public_key,
                                                       serialized);
}
11655
/**
Generate an unpacked key from a serialized key.

A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key
with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]],
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
- T_AS_NTT_ENCODED_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184

Steps, in order:
 1. bytes [0, 1152) of the serialized key are decoded into t_as_ntt;
 2. bytes [1152, 1184) are copied into the 32-byte seed_for_A;
 3. the same bytes, placed in a 34-byte buffer, are used to sample matrix A;
 4. H over all 1184 bytes is stored as the 32-byte public_key_hash.

NOTE(review): this function returns void and uses the "reduced" decoder, so
it cannot report a malformed or non-canonical encoding to its caller. When
public_key comes from a peer, the caller presumably needs to run the
library's public-key validation before or after unpacking -- confirm where
that check happens.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
        *unpacked_public_key) {
  /* 1. Encoded t vector. */
  Eurydice_slice encoded_t =
      Eurydice_array_to_subslice_to((size_t)1184U, public_key->value,
                                    (size_t)1152U, uint8_t, size_t, uint8_t[]);
  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b(
      encoded_t, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
  /* 2. Seed for A. */
  uint8_t seed[32U];
  libcrux_ml_kem_utils_into_padded_array_9e(
      Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                      (size_t)1152U, uint8_t, size_t,
                                      uint8_t[]),
      seed);
  memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, seed,
         sizeof seed);
  /* 3. Matrix A, sampled into the output struct from the padded seed. */
  libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*matrix_A)[3U] =
      unpacked_public_key->ind_cpa_public_key.A;
  uint8_t padded_seed[34U];
  libcrux_ml_kem_utils_into_padded_array_b6(
      Eurydice_array_to_subslice_from((size_t)1184U, public_key->value,
                                      (size_t)1152U, uint8_t, size_t,
                                      uint8_t[]),
      padded_seed);
  libcrux_ml_kem_matrix_sample_matrix_A_2b(matrix_A, padded_seed, false);
  /* 4. Hash of the whole serialized public key. */
  uint8_t pk_hash[32U];
  libcrux_ml_kem_hash_functions_portable_H_4a_e0(
      Eurydice_array_to_slice((size_t)1184U,
                              libcrux_ml_kem_types_as_slice_e6_d0(public_key),
                              uint8_t),
      pk_hash);
  memcpy(unpacked_public_key->public_key_hash, pk_hash, sizeof pk_hash);
}
11703
/**
Get the unpacked public key.

A monomorphic instance of
libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.unpack_public_key with
const generics
- K= 3
- T_AS_NTT_ENCODED_SIZE= 1152
- PUBLIC_KEY_SIZE= 1184

Portable instantiation: forwards both pointers to
libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a. Returns void, so a
rejected or malformed key cannot be signalled from here.
*/
static KRML_MUSTINLINE void
libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_31(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
        *unpacked_public_key) {
  libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_0a(public_key,
                                                       unpacked_public_key);
}
11723
/**
Get the unpacked public key.

ML-KEM-768 entry point: unpacks the serialized *public_key into
*unpacked_public_key through the portable instantiation. The function returns
void; it gives the caller no indication of whether the serialized key was
well-formed.
*/
static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key(
    libcrux_ml_kem_types_MlKemPublicKey_30 *public_key,
    libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
        *unpacked_public_key) {
  libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_31(
      public_key, unpacked_public_key);
}
11735
11736 #if defined(__cplusplus)
11737 }
11738 #endif
11739
11740 #define libcrux_mlkem768_portable_H_DEFINED
11741 #endif /* libcrux_mlkem768_portable_H */
11742
11743
11744 /* rename some types to be a bit more ergonomic */
11745 #define libcrux_mlkem768_keypair libcrux_ml_kem_mlkem768_MlKem768KeyPair_s
11746 #define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_30_s
11747 #define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_d9_s
11748 #define libcrux_mlkem768_ciphertext libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s
11749 #define libcrux_mlkem768_enc_result tuple_c2_s
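/* lengths, in bytes, of the caller-supplied random input for key generation and for encapsulation; fill these buffers from a CSPRNG and clear them after use */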
11751 #define LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN 64U
11752 #define LIBCRUX_ML_KEM_ENC_PRNG_LEN 32
11753