/* $OpenBSD: libcrux_mlkem768_sha3.h,v 1.4 2025/11/13 05:13:06 djm Exp $ */ /* Extracted from libcrux revision 026a87ab6d88ad3626b9fbbf3710d1e0483c1849 */ /* * MIT License * * Copyright (c) 2024 Cryspen * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #include "config.h" #include "libssh/mlkem_native.h" #include "libssh/priv.h" #if !defined(__GNUC__) || (__GNUC__ < 2) # define __attribute__(x) #endif #define KRML_MUSTINLINE inline #define KRML_NOINLINE __attribute__((noinline, unused)) #define KRML_HOST_EPRINTF(...) #define KRML_HOST_EXIT(x) do { \ SSH_LOG(SSH_LOG_WARNING, "internal error"); \ exit(x); \ } while (0) static inline void store64_le(uint8_t dst[8], uint64_t src) { dst[0] = src & 0xff; dst[1] = (src >> 8) & 0xff; dst[2] = (src >> 16) & 0xff; dst[3] = (src >> 24) & 0xff; dst[4] = (src >> 32) & 0xff; dst[5] = (src >> 40) & 0xff; dst[6] = (src >> 48) & 0xff; dst[7] = (src >> 56) & 0xff; } static inline uint64_t load64_le(uint8_t src[8]) { return (uint64_t)(src[0]) | ((uint64_t)(src[1]) << 8) | ((uint64_t)(src[2]) << 16) | ((uint64_t)(src[3]) << 24) | ((uint64_t)(src[4]) << 32) | ((uint64_t)(src[5]) << 40) | ((uint64_t)(src[6]) << 48) | ((uint64_t)(src[7]) << 56); } #ifdef MISSING_BUILTIN_POPCOUNT static inline unsigned int __builtin_popcount(unsigned int num) { const int v[16] = { 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4 }; return v[num & 0xf] + v[(num >> 4) & 0xf]; } #endif /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/eurydice_glue.h */ #ifdef _MSC_VER // For __popcnt #endif // C++ HELPERS #if defined(__cplusplus) #ifndef KRML_HOST_EPRINTF #define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) #endif #ifndef __cpp_lib_type_identity template struct type_identity { using type = T; }; template using type_identity_t = typename type_identity::type; #else using std::type_identity_t; #endif #define KRML_UNION_CONSTRUCTOR(T) \ template \ constexpr T(int t, V U::*m, type_identity_t v) : tag(t) { \ val.*m = std::move(v); \ } \ T() = default; #endif // GENERAL-PURPOSE STUFF #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) #define EURYDICE_ASSERT(test, msg) \ do { \ if (!(test)) { \ fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ __FILE__, __LINE__); \ exit(255); \ } \ } while (0) // SLICES, ARRAYS, ETC. // We represent a slice as a pair of an (untyped) pointer, along with the length // of the slice, i.e. the number of elements in the slice (this is NOT the // number of bytes). This design choice has two important consequences. // - if you need to use `ptr`, you MUST cast it to a proper type *before* // performing pointer arithmetic on it (remember that C desugars pointer // arithmetic based on the type of the address) // - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you // need to multiply it by sizeof t, where t is the type of the elements. // // Empty slices have `len == 0` and `ptr` always needs to be a valid pointer // that is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL // + start`). typedef struct { void *ptr; size_t len; } Eurydice_slice; #if defined(__cplusplus) #define KRML_CLITERAL(type) type #else #define KRML_CLITERAL(type) (type) #endif #if defined(__cplusplus) && defined(__cpp_designated_initializers) || \ !(defined(__cplusplus)) #define EURYDICE_CFIELD(X) X #else #define EURYDICE_CFIELD(X) #endif // Helper macro to create a slice out of a pointer x, a start index in x // (included), and an end index in x (excluded). The argument x must be suitably // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. #define EURYDICE_SLICE(x, start, end) \ (KRML_CLITERAL(Eurydice_slice){(void *)(x + start), end - start}) // Slice length #define EURYDICE_SLICE_LEN(s, _) (s).len #define Eurydice_slice_len(s, _) (s).len // This macro is a pain because in case the dereferenced element type is an // array, you cannot simply write `t x` as it would yield `int[4] x` instead, // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) // The following functions get sub slices from a slice. #define Eurydice_slice_subslice(s, r, t, _0, _1) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). #define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, (start), (end)) // Previous version above does not work when t is an array type (as usual). Will // be deprecated soon. #define Eurydice_slice_subslice3(s, start, end, t_ptr) \ EURYDICE_SLICE((t_ptr)s.ptr, (start), (end)) #define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _0, _1) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) #define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _0, _1) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) #define Eurydice_array_to_slice(end, x, t) \ EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ #define Eurydice_array_to_subslice(_arraylen, x, r, t, _0, _1) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known #define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, (start), (end)) // Same as above, variant for when start and end are statically known #define Eurydice_array_to_subslice3(x, start, end, t_ptr) \ EURYDICE_SLICE((t_ptr)x, (start), (end)) #define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" // The following functions convert an array into a slice. #define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _0) \ EURYDICE_SLICE((t *)x, 0, r) #define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _0) \ EURYDICE_SLICE((t *)x, r, size) // Copy a slice with memcopy #define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N___as_slice(len_, ptr_, t, _ret_t) \ KRML_CLITERAL(Eurydice_slice) { ptr_, len_ } #define core_array__core__clone__Clone_for__Array_T__N___clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t #define core_array_TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t) (memcmp(a1, a2, sz * sizeof(t)) == 0) // core::cmp::PartialEq<&0 (@Slice)> for @Array #define Eurydice_array_eq_slice(sz, a1, s2, t, _) \ (memcmp(a1, (s2)->ptr, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) #define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ KRML_CLITERAL(ret_t) { \ EURYDICE_CFIELD(.fst =) \ EURYDICE_SLICE((element_type *)(slice).ptr, 0, mid), \ EURYDICE_CFIELD(.snd =) \ EURYDICE_SLICE((element_type *)(slice).ptr, mid, (slice).len) \ } #define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ KRML_CLITERAL(ret_t) { \ EURYDICE_CFIELD(.fst =) \ KRML_CLITERAL(Eurydice_slice){EURYDICE_CFIELD(.ptr =)(slice.ptr), \ EURYDICE_CFIELD(.len =) mid}, \ EURYDICE_CFIELD(.snd =) KRML_CLITERAL(Eurydice_slice) { \ EURYDICE_CFIELD(.ptr =) \ ((char *)slice.ptr + mid * sizeof(element_type)), \ EURYDICE_CFIELD(.len =)(slice.len - mid) \ } \ } // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. #define Eurydice_slice_to_array2(dst, src, _0, t_arr, _1) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, Eurydice_slice src, size_t sz) { *dst_tag = 0; memcpy(dst_ok, src.ptr, sz); } // SUPPORT FOR DSTs (Dynamically-Sized Types) // A DST is a fat pointer that keeps tracks of the size of it flexible array // member. Slices are a specific case of DSTs, where [T; N] implements // Unsize<[T]>, meaning an array of statically known size can be converted to a // fat pointer, i.e. a slice. // // Unlike slices, DSTs have a built-in definition that gets monomorphized, of // the form: // // typedef struct { // T *ptr; // size_t len; // number of elements // } Eurydice_dst; // // Furthermore, T = T0<[U0]> where `struct T0`, where the `U` is the // last field. This means that there are two monomorphizations of T0 in the // program. One is `T0<[V; N]>` // -- this is directly converted to a Eurydice_dst via suitable codegen (no // macro). The other is `T = T0<[U]>`, where `[U]` gets emitted to // `Eurydice_derefed_slice`, a type that only appears in that precise situation // and is thus defined to give rise to a flexible array member. typedef char Eurydice_derefed_slice[]; #define Eurydice_slice_of_dst(fam_ptr, len_, t, _) \ ((Eurydice_slice){.ptr = (void *)(fam_ptr), .len = len_}) #define Eurydice_slice_of_boxed_array(ptr_, len_, t, _) \ ((Eurydice_slice){.ptr = (void *)(ptr_), .len = len_}) // CORE STUFF (conversions, endianness, ...) // We slap extern "C" on declarations that intend to implement a prototype // generated by Eurydice, because Eurydice prototypes are always emitted within // an extern "C" block, UNLESS you use -fcxx17-compat, in which case, you must // pass -DKRML_CXX17_COMPAT="" to your C++ compiler. #if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT) extern "C" { #endif static inline void core_num__u64__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } static inline uint64_t core_num__u64__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } // unsigned overflow wraparound semantics in C static inline uint16_t core_num__u16__wrapping_add(uint16_t x, uint16_t y) { return x + y; } static inline uint8_t core_num__u8__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1) { return (x0 << x1 | x0 >> (64 - x1)); } #if defined(__cplusplus) && !defined(KRML_CXX17_COMPAT) } #endif // ITERATORS #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start >= (iter_ptr)->end) \ ? (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 0, \ EURYDICE_CFIELD(.f0 =) 0}) \ : (KRML_CLITERAL(ret_t){EURYDICE_CFIELD(.tag =) 1, \ EURYDICE_CFIELD(.f0 =)(iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_A__for_core__ops__range__Range_A__TraitClause_0___6__next \ Eurydice_range_iter_next // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t, _) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_Clause1_Item__I__for_I__1__into_iter \ Eurydice_into_iter typedef struct { Eurydice_slice s; size_t index; } Eurydice_slice_iterator; #define core_slice___Slice_T___iter(x, t, _ret_t) \ ((Eurydice_slice_iterator){.s = x, .index = 0}) #define core_slice_iter_Iter Eurydice_slice_iterator #define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ ret_t) \ (((iter)->index == (iter)->s.len) \ ? (KRML_CLITERAL(ret_t){.tag = core_option_None}) \ : (KRML_CLITERAL(ret_t){ \ .tag = core_option_Some, \ .f0 = ((iter)->index++, \ &((t *)((iter)->s.ptr))[(iter)->index - 1])})) #define core_option__core__option__Option_T__TraitClause_0___is_some(X, _0, \ _1) \ ((X)->tag == 1) // STRINGS typedef const char *Prims_string; // MISC (UNTESTED) typedef void *core_fmt_Formatter; typedef void *core_fmt_Arguments; typedef void *core_fmt_rt_Argument; #define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ x4) \ NULL // BOXES /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem_core.h */ /* * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b * F*: 71d8221589d4d438af3706d89cb653cf53e18aab * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ #ifndef libcrux_mlkem_core_H #define libcrux_mlkem_core_H #if defined(__cplusplus) extern "C" { #endif /** A monomorphic instance of core.ops.range.Range with types size_t */ typedef struct core_ops_range_Range_08_s { size_t start; size_t end; } core_ops_range_Range_08; static inline uint16_t core_num__u16__wrapping_add(uint16_t x0, uint16_t x1); static inline uint64_t core_num__u64__from_le_bytes(uint8_t x0[8U]); static inline uint64_t core_num__u64__rotate_left(uint64_t x0, uint32_t x1); static inline void core_num__u64__to_le_bytes(uint64_t x0, uint8_t x1[8U]); static inline uint8_t core_num__u8__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT ((size_t)12U) #define LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT ((size_t)256U) #define LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT \ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U) #define LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT \ (LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) #define LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE ((size_t)32U) #define LIBCRUX_ML_KEM_CONSTANTS_G_DIGEST_SIZE ((size_t)64U) #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) /** K * BITS_PER_RING_ELEMENT / 8 [eurydice] Note that we can't use const generics here because that breaks C extraction with eurydice. */ static inline size_t libcrux_ml_kem_constants_ranked_bytes_per_ring_element( size_t rank) { return rank * LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U; } /** This function found in impl {libcrux_secrets::traits::Classify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 with types uint8_t */ static KRML_MUSTINLINE uint8_t libcrux_secrets_int_public_integers_classify_27_90(uint8_t self) { return self; } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types int16_t */ static KRML_MUSTINLINE int16_t libcrux_secrets_int_public_integers_declassify_d8_39(int16_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for i16} */ static KRML_MUSTINLINE uint8_t libcrux_secrets_int_as_u8_f5(int16_t self) { return libcrux_secrets_int_public_integers_classify_27_90( (uint8_t)libcrux_secrets_int_public_integers_declassify_d8_39(self)); } /** This function found in impl {libcrux_secrets::traits::Classify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 with types int16_t */ static KRML_MUSTINLINE int16_t libcrux_secrets_int_public_integers_classify_27_39(int16_t self) { return self; } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint8_t */ static KRML_MUSTINLINE uint8_t libcrux_secrets_int_public_integers_declassify_d8_90(uint8_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for u8} */ static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_59(uint8_t self) { return libcrux_secrets_int_public_integers_classify_27_39( (int16_t)libcrux_secrets_int_public_integers_declassify_d8_90(self)); } /** This function found in impl {libcrux_secrets::traits::Classify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 with types int32_t */ static KRML_MUSTINLINE int32_t libcrux_secrets_int_public_integers_classify_27_a8(int32_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for i16} */ static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_f5(int16_t self) { return libcrux_secrets_int_public_integers_classify_27_a8( (int32_t)libcrux_secrets_int_public_integers_declassify_d8_39(self)); } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types int32_t */ static KRML_MUSTINLINE int32_t libcrux_secrets_int_public_integers_declassify_d8_a8(int32_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for i32} */ static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_36(int32_t self) { return libcrux_secrets_int_public_integers_classify_27_39( (int16_t)libcrux_secrets_int_public_integers_declassify_d8_a8(self)); } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint32_t */ static KRML_MUSTINLINE uint32_t libcrux_secrets_int_public_integers_declassify_d8_df(uint32_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for u32} */ static KRML_MUSTINLINE int32_t libcrux_secrets_int_as_i32_b8(uint32_t self) { return libcrux_secrets_int_public_integers_classify_27_a8( (int32_t)libcrux_secrets_int_public_integers_declassify_d8_df(self)); } /** This function found in impl {libcrux_secrets::traits::Classify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 with types uint16_t */ static KRML_MUSTINLINE uint16_t libcrux_secrets_int_public_integers_classify_27_de(uint16_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for i16} */ static KRML_MUSTINLINE uint16_t libcrux_secrets_int_as_u16_f5(int16_t self) { return libcrux_secrets_int_public_integers_classify_27_de( (uint16_t)libcrux_secrets_int_public_integers_declassify_d8_39(self)); } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint16_t */ static KRML_MUSTINLINE uint16_t libcrux_secrets_int_public_integers_declassify_d8_de(uint16_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for u16} */ static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_ca(uint16_t self) { return libcrux_secrets_int_public_integers_classify_27_39( (int16_t)libcrux_secrets_int_public_integers_declassify_d8_de(self)); } /** This function found in impl {libcrux_secrets::traits::Classify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 with types uint64_t */ static KRML_MUSTINLINE uint64_t libcrux_secrets_int_public_integers_classify_27_49(uint64_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for u16} */ static KRML_MUSTINLINE uint64_t libcrux_secrets_int_as_u64_ca(uint16_t self) { return libcrux_secrets_int_public_integers_classify_27_49( (uint64_t)libcrux_secrets_int_public_integers_declassify_d8_de(self)); } /** This function found in impl {libcrux_secrets::traits::Classify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 with types uint32_t */ static KRML_MUSTINLINE uint32_t libcrux_secrets_int_public_integers_classify_27_df(uint32_t self) { return self; } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint64_t */ static KRML_MUSTINLINE uint64_t libcrux_secrets_int_public_integers_declassify_d8_49(uint64_t self) { return self; } /** This function found in impl {libcrux_secrets::int::CastOps for u64} */ static KRML_MUSTINLINE uint32_t libcrux_secrets_int_as_u32_a3(uint64_t self) { return libcrux_secrets_int_public_integers_classify_27_df( (uint32_t)libcrux_secrets_int_public_integers_declassify_d8_49(self)); } /** This function found in impl {libcrux_secrets::int::CastOps for u32} */ static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_b8(uint32_t self) { return libcrux_secrets_int_public_integers_classify_27_39( (int16_t)libcrux_secrets_int_public_integers_declassify_d8_df(self)); } /** This function found in impl {libcrux_secrets::int::CastOps for i16} */ static KRML_MUSTINLINE int16_t libcrux_secrets_int_as_i16_f5(int16_t self) { return libcrux_secrets_int_public_integers_classify_27_39( libcrux_secrets_int_public_integers_declassify_d8_39(self)); } typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t fst[1152U]; uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; #define Ok 0 #define Err 1 typedef uint8_t Result_b2_tags; /** This function found in impl {core::convert::From<@Array> for libcrux_ml_kem::types::MlKemPublicKey} */ /** A monomorphic instance of libcrux_ml_kem.types.from_fd with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_fd_d0(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_30 lit; memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} */ /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_74(libcrux_ml_kem_types_MlKemPrivateKey_d9 sk, libcrux_ml_kem_types_MlKemPublicKey_30 pk) { return (KRML_CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** This function found in impl {core::convert::From<@Array> for libcrux_ml_kem::types::MlKemPrivateKey} */ /** A monomorphic instance of libcrux_ml_kem.types.from_77 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_77_28(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_d9 lit; memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct Result_fb_s { Result_b2_tags tag; union { uint8_t case_Ok[32U]; TryFromSliceError case_Err; } val; } Result_fb; /** This function found in impl {core::result::Result[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ static inline void unwrap_26_b3(Result_fb self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); } else { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); KRML_HOST_EXIT(255U); } } /** This function found in impl {core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext} */ /** A monomorphic instance of libcrux_ml_kem.types.from_e0 with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_e0_80(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_e6 with const generics - SIZE= 1184 */ static inline uint8_t *libcrux_ml_kem_types_as_slice_e6_d0( libcrux_ml_kem_types_MlKemPublicKey_30 *self) { return self->value; } /** This function found in impl {libcrux_ml_kem::types::MlKemCiphertext} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_a9 with const generics - SIZE= 1088 */ static inline uint8_t *libcrux_ml_kem_types_as_slice_a9_80( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } /** A monomorphic instance of libcrux_ml_kem.utils.prf_input_inc with const generics - K= 3 */ static KRML_MUSTINLINE uint8_t libcrux_ml_kem_utils_prf_input_inc_e0( uint8_t (*prf_inputs)[33U], uint8_t domain_separator) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U; } return domain_separator; } /** Pad the `slice` with `0`s at the end. */ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_c8( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice3( uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } /** Pad the `slice` with `0`s at the end. */ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_b6( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice3( uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } /** This function found in impl {core::convert::AsRef<@Slice> for libcrux_ml_kem::types::MlKemCiphertext} */ /** A monomorphic instance of libcrux_ml_kem.types.as_ref_d3 with const generics - SIZE= 1088 */ static inline Eurydice_slice libcrux_ml_kem_types_as_ref_d3_80( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } /** Pad the `slice` with `0`s at the end. */ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_15( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice3( uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** Pad the `slice` with `0`s at the end. */ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_24( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice3( uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t *), slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } typedef struct Eurydice_slice_uint8_t_x4_s { Eurydice_slice fst; Eurydice_slice snd; Eurydice_slice thd; Eurydice_slice f3; } Eurydice_slice_uint8_t_x4; typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; Eurydice_slice snd; } Eurydice_slice_uint8_t_x2; /** Unpack an incoming private key into it's different parts. We have this here in types to extract into a common core for C. */ /** A monomorphic instance of libcrux_ml_kem.types.unpack_private_key with const generics - CPA_SECRET_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 */ static inline Eurydice_slice_uint8_t_x4 libcrux_ml_kem_types_unpack_private_key_b4(Eurydice_slice private_key) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( private_key, (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; return ( KRML_CLITERAL(Eurydice_slice_uint8_t_x4){.fst = ind_cpa_secret_key, .snd = ind_cpa_public_key, .thd = ind_cpa_public_key_hash, .f3 = implicit_rejection_value}); } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint8_t[24size_t] */ static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_declassify_d8_d2(uint8_t self[24U], uint8_t ret[24U]) { memcpy(ret, self, (size_t)24U * sizeof(uint8_t)); } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint8_t[20size_t] */ static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_declassify_d8_57(uint8_t self[20U], uint8_t ret[20U]) { memcpy(ret, self, (size_t)20U * sizeof(uint8_t)); } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint8_t[8size_t] */ static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_declassify_d8_76(uint8_t self[8U], uint8_t ret[8U]) { memcpy(ret, self, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {libcrux_secrets::traits::Declassify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.declassify_d8 with types uint8_t[2size_t] */ static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_declassify_d8_d4(uint8_t self[2U], uint8_t ret[2U]) { memcpy(ret, self, (size_t)2U * sizeof(uint8_t)); } /** This function found in impl {libcrux_secrets::traits::Classify for T} */ /** A monomorphic instance of libcrux_secrets.int.public_integers.classify_27 with types int16_t[16size_t] */ static KRML_MUSTINLINE void libcrux_secrets_int_public_integers_classify_27_46( int16_t self[16U], int16_t ret[16U]) { memcpy(ret, self, (size_t)16U * sizeof(int16_t)); } /** This function found in impl {libcrux_secrets::traits::ClassifyRef<&'a (@Slice)> for &'a (@Slice)} */ /** A monomorphic instance of libcrux_secrets.int.classify_public.classify_ref_9b with types uint8_t */ static KRML_MUSTINLINE Eurydice_slice libcrux_secrets_int_classify_public_classify_ref_9b_90(Eurydice_slice self) { return self; } /** This function found in impl {libcrux_secrets::traits::ClassifyRef<&'a (@Slice)> for &'a (@Slice)} */ /** A monomorphic instance of libcrux_secrets.int.classify_public.classify_ref_9b with types int16_t */ static KRML_MUSTINLINE Eurydice_slice libcrux_secrets_int_classify_public_classify_ref_9b_39(Eurydice_slice self) { return self; } /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct Result_0a_s { Result_b2_tags tag; union { int16_t case_Ok[16U]; TryFromSliceError case_Err; } val; } Result_0a; /** This function found in impl {core::result::Result[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ static inline void unwrap_26_00(Result_0a self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); memcpy(ret, f0, (size_t)16U * sizeof(int16_t)); } else { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); KRML_HOST_EXIT(255U); } } /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct Result_15_s { Result_b2_tags tag; union { uint8_t case_Ok[8U]; TryFromSliceError case_Err; } val; } Result_15; /** This function found in impl {core::result::Result[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ static inline void unwrap_26_68(Result_15 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)8U * sizeof(uint8_t)); } else { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "unwrap not Ok"); KRML_HOST_EXIT(255U); } } #if defined(__cplusplus) } #endif #define libcrux_mlkem_core_H_DEFINED #endif /* libcrux_mlkem_core_H */ /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_ct_ops.h */ /* * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b * F*: 71d8221589d4d438af3706d89cb653cf53e18aab * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ #ifndef libcrux_ct_ops_H #define libcrux_ct_ops_H #if defined(__cplusplus) extern "C" { #endif /** Return 1 if `value` is not zero and 0 otherwise. */ static KRML_NOINLINE uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint8_t result = (uint8_t)((uint32_t)core_num__u16__wrapping_add(~value0, 1U) >> 8U); return (uint32_t)result & 1U; } static KRML_NOINLINE uint8_t libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } /** Return 1 if the bytes of `lhs` and `rhs` do not exactly match and 0 otherwise. */ static KRML_NOINLINE uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; uint8_t nr = (uint32_t)r | ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); r = nr; } return libcrux_ml_kem_constant_time_ops_is_non_zero(r); } static KRML_NOINLINE uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs) { return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } /** If `selector` is not zero, return the bytes in `rhs`; return the bytes in `lhs` otherwise. */ static KRML_NOINLINE void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8__wrapping_sub( libcrux_ml_kem_constant_time_ops_is_non_zero(selector), 1U); uint8_t out[32U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; uint8_t outi = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & (uint32_t)mask) | ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & (uint32_t)~mask); out[i0] = outi; } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } static KRML_NOINLINE void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { libcrux_ml_kem_constant_time_ops_select_ct(lhs, rhs, selector, ret); } static KRML_NOINLINE void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( Eurydice_slice lhs_c, Eurydice_slice rhs_c, Eurydice_slice lhs_s, Eurydice_slice rhs_s, uint8_t ret[32U]) { uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( lhs_c, rhs_c); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( lhs_s, rhs_s, selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } #if defined(__cplusplus) } #endif #define libcrux_ct_ops_H_DEFINED #endif /* libcrux_ct_ops_H */ /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_sha3_portable.h */ /* * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b * F*: 71d8221589d4d438af3706d89cb653cf53e18aab * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ #ifndef libcrux_sha3_portable_H #define libcrux_sha3_portable_H #if defined(__cplusplus) extern "C" { #endif /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_zero_d2(void) { return 0ULL; } static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__veor5q_u64( uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { return (((a ^ b) ^ c) ^ d) ^ e; } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor5_d2( uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { return libcrux_sha3_simd_portable__veor5q_u64(a, b, c, d, e); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 1 - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_76(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)1); } static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; return uu____0 ^ libcrux_sha3_simd_portable_rotate_left_76(b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left1_and_xor_d2(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vrax1q_u64(a, b); } static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vbcaxq_u64(uint64_t a, uint64_t b, uint64_t c) { return a ^ (b & ~c); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_and_not_xor_d2(uint64_t a, uint64_t b, uint64_t c) { return libcrux_sha3_simd_portable__vbcaxq_u64(a, b, c); } static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__veorq_n_u64(uint64_t a, uint64_t c) { return a ^ c; } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_constant_d2(uint64_t a, uint64_t c) { return libcrux_sha3_simd_portable__veorq_n_u64(a, c); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_d2(uint64_t a, uint64_t b) { return a ^ b; } static const uint64_t libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[24U] = { 1ULL, 32898ULL, 9223372036854808714ULL, 9223372039002292224ULL, 32907ULL, 2147483649ULL, 9223372039002292353ULL, 9223372036854808585ULL, 138ULL, 136ULL, 2147516425ULL, 2147483658ULL, 2147516555ULL, 9223372036854775947ULL, 9223372036854808713ULL, 9223372036854808579ULL, 9223372036854808578ULL, 9223372036854775936ULL, 32778ULL, 9223372039002259466ULL, 9223372039002292353ULL, 9223372036854808704ULL, 2147483649ULL, 9223372039002292232ULL}; typedef struct size_t_x2_s { size_t fst; size_t snd; } size_t_x2; /** A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState with types uint64_t with const generics - $1size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s { uint64_t st[25U]; } libcrux_sha3_generic_keccak_KeccakState_17; /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.new_80 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_generic_keccak_new_80_04(void) { libcrux_sha3_generic_keccak_KeccakState_17 lit; uint64_t repeat_expression[25U]; for (size_t i = (size_t)0U; i < (size_t)25U; i++) { repeat_expression[i] = libcrux_sha3_simd_portable_zero_d2(); } memcpy(lit.st, repeat_expression, (size_t)25U * sizeof(uint64_t)); return lit; } /** A monomorphic instance of libcrux_sha3.traits.get_ij with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE uint64_t *libcrux_sha3_traits_get_ij_04(uint64_t *arr, size_t i, size_t j) { return &arr[(size_t)5U * j + i]; } /** A monomorphic instance of libcrux_sha3.traits.set_ij with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE void libcrux_sha3_traits_set_ij_04(uint64_t *arr, size_t i, size_t j, uint64_t value) { arr[(size_t)5U * j + i] = value; } /** A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 72 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_f8( uint64_t *state, Eurydice_slice blocks, size_t start) { uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, uint8_t *), Eurydice_slice, uint8_t[8U], TryFromSliceError); unwrap_26_68(dst, uu____0); state_flat[i0] = core_num__u64__from_le_bytes(uu____0); } for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; libcrux_sha3_traits_set_ij_04( state, i0 / (size_t)5U, i0 % (size_t)5U, libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, i0 % (size_t)5U)[0U] ^ state_flat[i0]); } } /** This function found in impl {libcrux_sha3::traits::Absorb<1usize> for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 with const generics - RATE= 72 */ static inline void libcrux_sha3_simd_portable_load_block_a1_f8( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, size_t start) { libcrux_sha3_simd_portable_load_block_f8(self->st, input[0U], start); } /** This function found in impl {core::ops::index::Index<(usize, usize), T> for libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.index_c2 with types uint64_t with const generics - N= 1 */ static inline uint64_t *libcrux_sha3_generic_keccak_index_c2_04( libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t_x2 index) { return libcrux_sha3_traits_get_ij_04(self->st, index.fst, index.snd); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.theta_80 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_80_04( libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t ret[5U]) { uint64_t c[5U] = { libcrux_sha3_simd_portable_xor5_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}))[0U]), libcrux_sha3_simd_portable_xor5_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}))[0U]), libcrux_sha3_simd_portable_xor5_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}))[0U]), libcrux_sha3_simd_portable_xor5_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U}))[0U]), libcrux_sha3_simd_portable_xor5_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}))[0U])}; uint64_t uu____0 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); uint64_t uu____1 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); uint64_t uu____2 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); uint64_t uu____3 = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); ret[0U] = uu____0; ret[1U] = uu____1; ret[2U] = uu____2; ret[3U] = uu____3; ret[4U] = libcrux_sha3_simd_portable_rotate_left1_and_xor_d2( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U]); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.set_80 with types uint64_t with const generics - N= 1 */ static inline void libcrux_sha3_generic_keccak_set_80_04( libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i, size_t j, uint64_t v) { libcrux_sha3_traits_set_ij_04(self->st, i, j, v); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 36 - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_02(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)36); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 36 - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_02(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_02(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 36 - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_02(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_02(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 3 - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_ac(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)3); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 3 - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_ac(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_ac(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 3 - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_ac(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_ac(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 41 - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_020(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)41); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 41 - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_020(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_020(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 41 - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_020(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_020(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 18 - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_a9(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)18); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 18 - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_a9(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_a9(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 18 - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_a9(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_a9(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 1 - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_76(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_76(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 1 - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_76(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_76(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 44 - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_58(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)44); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 44 - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_58(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_58(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 44 - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_58(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_58(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 10 - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_e0(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)10); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 10 - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_e0(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_e0(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 10 - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_e0(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_e0(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 45 - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_63(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)45); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 45 - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_63(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_63(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 45 - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_63(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_63(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 2 - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_6a(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)2); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 2 - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_6a(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_6a(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 2 - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_6a(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_6a(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 62 - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_ab(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)62); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 62 - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_ab(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_ab(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 62 - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_ab(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_ab(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 6 - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_5b(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)6); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 6 - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_5b(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_5b(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 6 - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_5b(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_5b(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 43 - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_6f(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)43); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 43 - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_6f(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_6f(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 43 - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_6f(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_6f(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 15 - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_62(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)15); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 15 - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_62(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_62(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 15 - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_62(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_62(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 61 - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_23(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)61); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 61 - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_23(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_23(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 61 - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_23(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_23(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 28 - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_37(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)28); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 28 - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_37(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_37(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 28 - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_37(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_37(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 55 - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_bb(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)55); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 55 - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_bb(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_bb(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 55 - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_bb(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_bb(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 25 - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_b9(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)25); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 25 - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_b9(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_b9(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 25 - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_b9(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_b9(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 21 - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_54(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)21); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 21 - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_54(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_54(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 21 - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_54(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_54(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 56 - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_4c(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)56); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 56 - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_4c(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_4c(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 56 - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_4c(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_4c(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 27 - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_ce(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)27); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 27 - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_ce(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_ce(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 27 - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_ce(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_ce(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 20 - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_77(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)20); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 20 - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_77(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_77(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 20 - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_77(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_77(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 39 - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_25(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)39); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 39 - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_25(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_25(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 39 - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_25(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_25(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 8 - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_af(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)8); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 8 - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_af(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_af(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 8 - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_af(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_af(a, b); } /** A monomorphic instance of libcrux_sha3.simd.portable.rotate_left with const generics - LEFT= 14 - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_rotate_left_fd(uint64_t x) { return core_num__u64__rotate_left(x, (uint32_t)(int32_t)14); } /** A monomorphic instance of libcrux_sha3.simd.portable._vxarq_u64 with const generics - LEFT= 14 - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable__vxarq_u64_fd(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable_rotate_left_fd(a ^ b); } /** This function found in impl {libcrux_sha3::traits::KeccakItem<1usize> for u64} */ /** A monomorphic instance of libcrux_sha3.simd.portable.xor_and_rotate_d2 with const generics - LEFT= 14 - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t libcrux_sha3_simd_portable_xor_and_rotate_d2_fd(uint64_t a, uint64_t b) { return libcrux_sha3_simd_portable__vxarq_u64_fd(a, b); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.rho_80 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_rho_80_04( libcrux_sha3_generic_keccak_KeccakState_17 *self, uint64_t t[5U]) { libcrux_sha3_generic_keccak_set_80_04( self, (size_t)0U, (size_t)0U, libcrux_sha3_simd_portable_xor_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}))[0U], t[0U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = self; libcrux_sha3_generic_keccak_set_80_04( uu____0, (size_t)1U, (size_t)0U, libcrux_sha3_simd_portable_xor_and_rotate_d2_02( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}))[0U], t[0U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____1 = self; libcrux_sha3_generic_keccak_set_80_04( uu____1, (size_t)2U, (size_t)0U, libcrux_sha3_simd_portable_xor_and_rotate_d2_ac( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}))[0U], t[0U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = self; libcrux_sha3_generic_keccak_set_80_04( uu____2, (size_t)3U, (size_t)0U, libcrux_sha3_simd_portable_xor_and_rotate_d2_020( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U}))[0U], t[0U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____3 = self; libcrux_sha3_generic_keccak_set_80_04( uu____3, (size_t)4U, (size_t)0U, libcrux_sha3_simd_portable_xor_and_rotate_d2_a9( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}))[0U], t[0U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____4 = self; libcrux_sha3_generic_keccak_set_80_04( uu____4, (size_t)0U, (size_t)1U, libcrux_sha3_simd_portable_xor_and_rotate_d2_76( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}))[0U], t[1U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____5 = self; libcrux_sha3_generic_keccak_set_80_04( uu____5, (size_t)1U, (size_t)1U, libcrux_sha3_simd_portable_xor_and_rotate_d2_58( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}))[0U], t[1U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____6 = self; libcrux_sha3_generic_keccak_set_80_04( uu____6, (size_t)2U, (size_t)1U, libcrux_sha3_simd_portable_xor_and_rotate_d2_e0( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U}))[0U], t[1U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____7 = self; libcrux_sha3_generic_keccak_set_80_04( uu____7, (size_t)3U, (size_t)1U, libcrux_sha3_simd_portable_xor_and_rotate_d2_63( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}))[0U], t[1U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____8 = self; libcrux_sha3_generic_keccak_set_80_04( uu____8, (size_t)4U, (size_t)1U, libcrux_sha3_simd_portable_xor_and_rotate_d2_6a( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}))[0U], t[1U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____9 = self; libcrux_sha3_generic_keccak_set_80_04( uu____9, (size_t)0U, (size_t)2U, libcrux_sha3_simd_portable_xor_and_rotate_d2_ab( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}))[0U], t[2U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____10 = self; libcrux_sha3_generic_keccak_set_80_04( uu____10, (size_t)1U, (size_t)2U, libcrux_sha3_simd_portable_xor_and_rotate_d2_5b( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U}))[0U], t[2U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____11 = self; libcrux_sha3_generic_keccak_set_80_04( uu____11, (size_t)2U, (size_t)2U, libcrux_sha3_simd_portable_xor_and_rotate_d2_6f( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}))[0U], t[2U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____12 = self; libcrux_sha3_generic_keccak_set_80_04( uu____12, (size_t)3U, (size_t)2U, libcrux_sha3_simd_portable_xor_and_rotate_d2_62( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}))[0U], t[2U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____13 = self; libcrux_sha3_generic_keccak_set_80_04( uu____13, (size_t)4U, (size_t)2U, libcrux_sha3_simd_portable_xor_and_rotate_d2_23( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}))[0U], t[2U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____14 = self; libcrux_sha3_generic_keccak_set_80_04( uu____14, (size_t)0U, (size_t)3U, libcrux_sha3_simd_portable_xor_and_rotate_d2_37( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U}))[0U], t[3U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____15 = self; libcrux_sha3_generic_keccak_set_80_04( uu____15, (size_t)1U, (size_t)3U, libcrux_sha3_simd_portable_xor_and_rotate_d2_bb( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}))[0U], t[3U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____16 = self; libcrux_sha3_generic_keccak_set_80_04( uu____16, (size_t)2U, (size_t)3U, libcrux_sha3_simd_portable_xor_and_rotate_d2_b9( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}))[0U], t[3U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____17 = self; libcrux_sha3_generic_keccak_set_80_04( uu____17, (size_t)3U, (size_t)3U, libcrux_sha3_simd_portable_xor_and_rotate_d2_54( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}))[0U], t[3U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____18 = self; libcrux_sha3_generic_keccak_set_80_04( uu____18, (size_t)4U, (size_t)3U, libcrux_sha3_simd_portable_xor_and_rotate_d2_4c( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U}))[0U], t[3U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____19 = self; libcrux_sha3_generic_keccak_set_80_04( uu____19, (size_t)0U, (size_t)4U, libcrux_sha3_simd_portable_xor_and_rotate_d2_ce( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}))[0U], t[4U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____20 = self; libcrux_sha3_generic_keccak_set_80_04( uu____20, (size_t)1U, (size_t)4U, libcrux_sha3_simd_portable_xor_and_rotate_d2_77( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}))[0U], t[4U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____21 = self; libcrux_sha3_generic_keccak_set_80_04( uu____21, (size_t)2U, (size_t)4U, libcrux_sha3_simd_portable_xor_and_rotate_d2_25( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}))[0U], t[4U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____22 = self; libcrux_sha3_generic_keccak_set_80_04( uu____22, (size_t)3U, (size_t)4U, libcrux_sha3_simd_portable_xor_and_rotate_d2_af( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U}))[0U], t[4U])); libcrux_sha3_generic_keccak_KeccakState_17 *uu____23 = self; libcrux_sha3_generic_keccak_set_80_04( uu____23, (size_t)4U, (size_t)4U, libcrux_sha3_simd_portable_xor_and_rotate_d2_fd( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}))[0U], t[4U])); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.pi_80 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_80_04( libcrux_sha3_generic_keccak_KeccakState_17 *self) { libcrux_sha3_generic_keccak_KeccakState_17 old = self[0U]; libcrux_sha3_generic_keccak_set_80_04( self, (size_t)1U, (size_t)0U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)3U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)2U, (size_t)0U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)1U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)3U, (size_t)0U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)4U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)4U, (size_t)0U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)2U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)0U, (size_t)1U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)1U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)1U, (size_t)1U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)4U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)2U, (size_t)1U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)2U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)3U, (size_t)1U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)0U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)4U, (size_t)1U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)1U, .snd = (size_t)3U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)0U, (size_t)2U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)2U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)1U, (size_t)2U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)0U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)2U, (size_t)2U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)3U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)3U, (size_t)2U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)1U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)4U, (size_t)2U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)2U, .snd = (size_t)4U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)0U, (size_t)3U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)3U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)1U, (size_t)3U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)1U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)2U, (size_t)3U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)4U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)3U, (size_t)3U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)2U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)4U, (size_t)3U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)3U, .snd = (size_t)0U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)0U, (size_t)4U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)4U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)1U, (size_t)4U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)2U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)2U, (size_t)4U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)0U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)3U, (size_t)4U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)3U}))[0U]); libcrux_sha3_generic_keccak_set_80_04( self, (size_t)4U, (size_t)4U, libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){.fst = (size_t)4U, .snd = (size_t)1U}))[0U]); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.chi_80 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_80_04( libcrux_sha3_generic_keccak_KeccakState_17 *self) { libcrux_sha3_generic_keccak_KeccakState_17 old = self[0U]; for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)5U; i++) { size_t j = i; libcrux_sha3_generic_keccak_set_80_04( self, i1, j, libcrux_sha3_simd_portable_and_not_xor_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = i1, .snd = j}))[0U], libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){ .fst = i1, .snd = (j + (size_t)2U) % (size_t)5U}))[0U], libcrux_sha3_generic_keccak_index_c2_04( &old, (KRML_CLITERAL(size_t_x2){ .fst = i1, .snd = (j + (size_t)1U) % (size_t)5U}))[0U])); } } } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.iota_80 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_80_04( libcrux_sha3_generic_keccak_KeccakState_17 *self, size_t i) { libcrux_sha3_generic_keccak_set_80_04( self, (size_t)0U, (size_t)0U, libcrux_sha3_simd_portable_xor_constant_d2( libcrux_sha3_generic_keccak_index_c2_04( self, (KRML_CLITERAL(size_t_x2){.fst = (size_t)0U, .snd = (size_t)0U}))[0U], libcrux_sha3_generic_keccak_constants_ROUNDCONSTANTS[i])); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600_80 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_80_04( libcrux_sha3_generic_keccak_KeccakState_17 *self) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; uint64_t t[5U]; libcrux_sha3_generic_keccak_theta_80_04(self, t); libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = self; uint64_t uu____1[5U]; memcpy(uu____1, t, (size_t)5U * sizeof(uint64_t)); libcrux_sha3_generic_keccak_rho_80_04(uu____0, uu____1); libcrux_sha3_generic_keccak_pi_80_04(self); libcrux_sha3_generic_keccak_chi_80_04(self); libcrux_sha3_generic_keccak_iota_80_04(self, i0); } } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80 with types uint64_t with const generics - N= 1 - RATE= 72 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c6( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks, size_t start) { libcrux_sha3_simd_portable_load_block_a1_f8(self, blocks, start); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** A monomorphic instance of libcrux_sha3.simd.portable.load_last with const generics - RATE= 72 - DELIMITER= 6 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_96( uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { uint8_t buffer[72U] = {0U}; Eurydice_slice_copy( Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); buffer[len] = 6U; size_t uu____0 = (size_t)72U - (size_t)1U; buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; libcrux_sha3_simd_portable_load_block_f8( state, Eurydice_array_to_slice((size_t)72U, buffer, uint8_t), (size_t)0U); } /** This function found in impl {libcrux_sha3::traits::Absorb<1usize> for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 with const generics - RATE= 72 - DELIMITER= 6 */ static inline void libcrux_sha3_simd_portable_load_last_a1_96( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_96(self->st, input[0U], start, len); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 with types uint64_t with const generics - N= 1 - RATE= 72 - DELIM= 6 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_a1_96(self, last, start, len); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** A monomorphic instance of libcrux_sha3.simd.portable.store_block with const generics - RATE= 72 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_f8( uint64_t *s, Eurydice_slice out, size_t start, size_t len) { size_t octets = len / (size_t)8U; for (size_t i = (size_t)0U; i < octets; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice3( out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, uint8_t *); uint8_t ret[8U]; core_num__u64__to_le_bytes( libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } size_t remaining = len % (size_t)8U; if (remaining > (size_t)0U) { Eurydice_slice uu____1 = Eurydice_slice_subslice3( out, start + len - remaining, start + len, uint8_t *); uint8_t ret[8U]; core_num__u64__to_le_bytes( libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, octets % (size_t)5U)[0U], ret); Eurydice_slice_copy( uu____1, Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), uint8_t); } } /** This function found in impl {libcrux_sha3::traits::Squeeze1 for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 72 */ static inline void libcrux_sha3_simd_portable_squeeze_13_f8( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, size_t start, size_t len) { libcrux_sha3_simd_portable_store_block_f8(self->st, out, start, len); } /** A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics - RATE= 72 - DELIM= 6 */ static inline void libcrux_sha3_generic_keccak_portable_keccak1_96( Eurydice_slice data, Eurydice_slice out) { libcrux_sha3_generic_keccak_KeccakState_17 s = libcrux_sha3_generic_keccak_new_80_04(); size_t data_len = Eurydice_slice_len(data, uint8_t); for (size_t i = (size_t)0U; i < data_len / (size_t)72U; i++) { size_t i0 = i; Eurydice_slice buf[1U] = {data}; libcrux_sha3_generic_keccak_absorb_block_80_c6(&s, buf, i0 * (size_t)72U); } size_t rem = data_len % (size_t)72U; Eurydice_slice buf[1U] = {data}; libcrux_sha3_generic_keccak_absorb_final_80_9e(&s, buf, data_len - rem, rem); size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, (size_t)0U, outlen); } else { libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, (size_t)0U, (size_t)72U); for (size_t i = (size_t)1U; i < blocks; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, i0 * (size_t)72U, (size_t)72U); } if (last < outlen) { libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); libcrux_sha3_simd_portable_squeeze_13_f8(&s, out, last, outlen - last); } } } /** A portable SHA3 512 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { libcrux_sha3_generic_keccak_portable_keccak1_96(data, digest); } /** A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 136 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_5b( uint64_t *state, Eurydice_slice blocks, size_t start) { uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, uint8_t *), Eurydice_slice, uint8_t[8U], TryFromSliceError); unwrap_26_68(dst, uu____0); state_flat[i0] = core_num__u64__from_le_bytes(uu____0); } for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; libcrux_sha3_traits_set_ij_04( state, i0 / (size_t)5U, i0 % (size_t)5U, libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, i0 % (size_t)5U)[0U] ^ state_flat[i0]); } } /** This function found in impl {libcrux_sha3::traits::Absorb<1usize> for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.load_block_a1 with const generics - RATE= 136 */ static inline void libcrux_sha3_simd_portable_load_block_a1_5b( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, size_t start) { libcrux_sha3_simd_portable_load_block_5b(self->st, input[0U], start); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block_80 with types uint64_t with const generics - N= 1 - RATE= 136 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_80_c60( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *blocks, size_t start) { libcrux_sha3_simd_portable_load_block_a1_5b(self, blocks, start); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** A monomorphic instance of libcrux_sha3.simd.portable.load_last with const generics - RATE= 136 - DELIMITER= 6 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad( uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { uint8_t buffer[136U] = {0U}; Eurydice_slice_copy( Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); buffer[len] = 6U; size_t uu____0 = (size_t)136U - (size_t)1U; buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; libcrux_sha3_simd_portable_load_block_5b( state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t), (size_t)0U); } /** This function found in impl {libcrux_sha3::traits::Absorb<1usize> for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 with const generics - RATE= 136 - DELIMITER= 6 */ static inline void libcrux_sha3_simd_portable_load_last_a1_ad( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_ad(self->st, input[0U], start, len); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 with types uint64_t with const generics - N= 1 - RATE= 136 - DELIM= 6 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e0( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_a1_ad(self, last, start, len); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** A monomorphic instance of libcrux_sha3.simd.portable.store_block with const generics - RATE= 136 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_5b( uint64_t *s, Eurydice_slice out, size_t start, size_t len) { size_t octets = len / (size_t)8U; for (size_t i = (size_t)0U; i < octets; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice3( out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, uint8_t *); uint8_t ret[8U]; core_num__u64__to_le_bytes( libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } size_t remaining = len % (size_t)8U; if (remaining > (size_t)0U) { Eurydice_slice uu____1 = Eurydice_slice_subslice3( out, start + len - remaining, start + len, uint8_t *); uint8_t ret[8U]; core_num__u64__to_le_bytes( libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, octets % (size_t)5U)[0U], ret); Eurydice_slice_copy( uu____1, Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), uint8_t); } } /** This function found in impl {libcrux_sha3::traits::Squeeze1 for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 136 */ static inline void libcrux_sha3_simd_portable_squeeze_13_5b( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, size_t start, size_t len) { libcrux_sha3_simd_portable_store_block_5b(self->st, out, start, len); } /** A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics - RATE= 136 - DELIM= 6 */ static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad( Eurydice_slice data, Eurydice_slice out) { libcrux_sha3_generic_keccak_KeccakState_17 s = libcrux_sha3_generic_keccak_new_80_04(); size_t data_len = Eurydice_slice_len(data, uint8_t); for (size_t i = (size_t)0U; i < data_len / (size_t)136U; i++) { size_t i0 = i; Eurydice_slice buf[1U] = {data}; libcrux_sha3_generic_keccak_absorb_block_80_c60(&s, buf, i0 * (size_t)136U); } size_t rem = data_len % (size_t)136U; Eurydice_slice buf[1U] = {data}; libcrux_sha3_generic_keccak_absorb_final_80_9e0(&s, buf, data_len - rem, rem); size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, outlen); } else { libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, (size_t)136U); for (size_t i = (size_t)1U; i < blocks; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, i0 * (size_t)136U, (size_t)136U); } if (last < outlen) { libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, last, outlen - last); } } } /** A portable SHA3 256 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { libcrux_sha3_generic_keccak_portable_keccak1_ad(data, digest); } /** A monomorphic instance of libcrux_sha3.simd.portable.load_last with const generics - RATE= 136 - DELIMITER= 31 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_ad0( uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { uint8_t buffer[136U] = {0U}; Eurydice_slice_copy( Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); buffer[len] = 31U; size_t uu____0 = (size_t)136U - (size_t)1U; buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; libcrux_sha3_simd_portable_load_block_5b( state, Eurydice_array_to_slice((size_t)136U, buffer, uint8_t), (size_t)0U); } /** This function found in impl {libcrux_sha3::traits::Absorb<1usize> for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 with const generics - RATE= 136 - DELIMITER= 31 */ static inline void libcrux_sha3_simd_portable_load_last_a1_ad0( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_ad0(self->st, input[0U], start, len); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 with types uint64_t with const generics - N= 1 - RATE= 136 - DELIM= 31 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e1( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_a1_ad0(self, last, start, len); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** A monomorphic instance of libcrux_sha3.generic_keccak.portable.keccak1 with const generics - RATE= 136 - DELIM= 31 */ static inline void libcrux_sha3_generic_keccak_portable_keccak1_ad0( Eurydice_slice data, Eurydice_slice out) { libcrux_sha3_generic_keccak_KeccakState_17 s = libcrux_sha3_generic_keccak_new_80_04(); size_t data_len = Eurydice_slice_len(data, uint8_t); for (size_t i = (size_t)0U; i < data_len / (size_t)136U; i++) { size_t i0 = i; Eurydice_slice buf[1U] = {data}; libcrux_sha3_generic_keccak_absorb_block_80_c60(&s, buf, i0 * (size_t)136U); } size_t rem = data_len % (size_t)136U; Eurydice_slice buf[1U] = {data}; libcrux_sha3_generic_keccak_absorb_final_80_9e1(&s, buf, data_len - rem, rem); size_t outlen = Eurydice_slice_len(out, uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, outlen); } else { libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, (size_t)0U, (size_t)136U); for (size_t i = (size_t)1U; i < blocks; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, i0 * (size_t)136U, (size_t)136U); } if (last < outlen) { libcrux_sha3_generic_keccak_keccakf1600_80_04(&s); libcrux_sha3_simd_portable_squeeze_13_5b(&s, out, last, outlen - last); } } } /** A portable SHAKE256 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { libcrux_sha3_generic_keccak_portable_keccak1_ad0(data, digest); } typedef libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_KeccakState; /** Create a new SHAKE-128 state object. */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_80_04(); } /** A monomorphic instance of libcrux_sha3.simd.portable.load_block with const generics - RATE= 168 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_block_3a( uint64_t *state, Eurydice_slice blocks, size_t start) { uint64_t state_flat[25U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; size_t offset = start + (size_t)8U * i0; uint8_t uu____0[8U]; Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice3(blocks, offset, offset + (size_t)8U, uint8_t *), Eurydice_slice, uint8_t[8U], TryFromSliceError); unwrap_26_68(dst, uu____0); state_flat[i0] = core_num__u64__from_le_bytes(uu____0); } for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; libcrux_sha3_traits_set_ij_04( state, i0 / (size_t)5U, i0 % (size_t)5U, libcrux_sha3_traits_get_ij_04(state, i0 / (size_t)5U, i0 % (size_t)5U)[0U] ^ state_flat[i0]); } } /** A monomorphic instance of libcrux_sha3.simd.portable.load_last with const generics - RATE= 168 - DELIMITER= 31 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_load_last_c6( uint64_t *state, Eurydice_slice blocks, size_t start, size_t len) { uint8_t buffer[168U] = {0U}; Eurydice_slice_copy( Eurydice_array_to_subslice3(buffer, (size_t)0U, len, uint8_t *), Eurydice_slice_subslice3(blocks, start, start + len, uint8_t *), uint8_t); buffer[len] = 31U; size_t uu____0 = (size_t)168U - (size_t)1U; buffer[uu____0] = (uint32_t)buffer[uu____0] | 128U; libcrux_sha3_simd_portable_load_block_3a( state, Eurydice_array_to_slice((size_t)168U, buffer, uint8_t), (size_t)0U); } /** This function found in impl {libcrux_sha3::traits::Absorb<1usize> for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.load_last_a1 with const generics - RATE= 168 - DELIMITER= 31 */ static inline void libcrux_sha3_simd_portable_load_last_a1_c6( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *input, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_c6(self->st, input[0U], start, len); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_80 with types uint64_t with const generics - N= 1 - RATE= 168 - DELIM= 31 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80_9e2( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice *last, size_t start, size_t len) { libcrux_sha3_simd_portable_load_last_a1_c6(self, last, start, len); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); } /** Absorb */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) { libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = s; Eurydice_slice uu____1[1U] = {data0}; libcrux_sha3_generic_keccak_absorb_final_80_9e2( uu____0, uu____1, (size_t)0U, Eurydice_slice_len(data0, uint8_t)); } /** A monomorphic instance of libcrux_sha3.simd.portable.store_block with const generics - RATE= 168 */ static KRML_MUSTINLINE void libcrux_sha3_simd_portable_store_block_3a( uint64_t *s, Eurydice_slice out, size_t start, size_t len) { size_t octets = len / (size_t)8U; for (size_t i = (size_t)0U; i < octets; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice3( out, start + (size_t)8U * i0, start + (size_t)8U * i0 + (size_t)8U, uint8_t *); uint8_t ret[8U]; core_num__u64__to_le_bytes( libcrux_sha3_traits_get_ij_04(s, i0 / (size_t)5U, i0 % (size_t)5U)[0U], ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } size_t remaining = len % (size_t)8U; if (remaining > (size_t)0U) { Eurydice_slice uu____1 = Eurydice_slice_subslice3( out, start + len - remaining, start + len, uint8_t *); uint8_t ret[8U]; core_num__u64__to_le_bytes( libcrux_sha3_traits_get_ij_04(s, octets / (size_t)5U, octets % (size_t)5U)[0U], ret); Eurydice_slice_copy( uu____1, Eurydice_array_to_subslice3(ret, (size_t)0U, remaining, uint8_t *), uint8_t); } } /** This function found in impl {libcrux_sha3::traits::Squeeze1 for libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.simd.portable.squeeze_13 with const generics - RATE= 168 */ static inline void libcrux_sha3_simd_portable_squeeze_13_3a( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, size_t start, size_t len) { libcrux_sha3_simd_portable_store_block_3a(self->st, out, start, len); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.portable.squeeze_first_three_blocks_b4 with const generics - RATE= 168 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out) { libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)0U, (size_t)168U); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)168U, (size_t)168U); libcrux_sha3_generic_keccak_keccakf1600_80_04(self); libcrux_sha3_simd_portable_squeeze_13_3a(self, out, (size_t)2U * (size_t)168U, (size_t)168U); } /** Squeeze three blocks */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { libcrux_sha3_generic_keccak_portable_squeeze_first_three_blocks_b4_3a(s, out0); } /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[core::marker::Sized, libcrux_sha3::simd::portable::{libcrux_sha3::traits::KeccakItem<1usize> for u64}]} */ /** A monomorphic instance of libcrux_sha3.generic_keccak.portable.squeeze_next_block_b4 with const generics - RATE= 168 */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a( libcrux_sha3_generic_keccak_KeccakState_17 *self, Eurydice_slice out, size_t start) { libcrux_sha3_generic_keccak_keccakf1600_80_04(self); libcrux_sha3_simd_portable_squeeze_13_3a(self, out, start, (size_t)168U); } /** Squeeze another block */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { libcrux_sha3_generic_keccak_portable_squeeze_next_block_b4_3a(s, out0, (size_t)0U); } #if defined(__cplusplus) } #endif #define libcrux_sha3_portable_H_DEFINED #endif /* libcrux_sha3_portable_H */ /* from libcrux/libcrux-ml-kem/extracts/c_header_only/generated/libcrux_mlkem768_portable.h */ /* * SPDX-FileCopyrightText: 2025 Cryspen Sarl * * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: * Charon: 667d2fc98984ff7f3df989c2367e6c1fa4a000e7 * Eurydice: 2381cbc416ef2ad0b561c362c500bc84f36b6785 * Karamel: 80f5435f2fc505973c469a4afcc8d875cddd0d8b * F*: 71d8221589d4d438af3706d89cb653cf53e18aab * Libcrux: 68dfed5a4a9e40277f62828471c029afed1ecdcc */ #ifndef libcrux_mlkem768_portable_H #define libcrux_mlkem768_portable_H #if defined(__cplusplus) extern "C" { #endif static inline void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } static inline void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = {(int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, (int16_t)962, (int16_t)-1202, (int16_t)-1474, (int16_t)1468, (int16_t)573, (int16_t)-1325, (int16_t)264, (int16_t)383, (int16_t)-829, (int16_t)1458, (int16_t)-1602, (int16_t)-130, (int16_t)-681, (int16_t)1017, (int16_t)732, (int16_t)608, (int16_t)-1542, (int16_t)411, (int16_t)-205, (int16_t)-1571, (int16_t)1223, (int16_t)652, (int16_t)-552, (int16_t)1015, (int16_t)-1293, (int16_t)1491, (int16_t)-282, (int16_t)-1544, (int16_t)516, (int16_t)-8, (int16_t)-320, (int16_t)-666, (int16_t)-1618, (int16_t)-1162, (int16_t)126, (int16_t)1469, (int16_t)-853, (int16_t)-90, (int16_t)-271, (int16_t)830, (int16_t)107, (int16_t)-1421, (int16_t)-247, (int16_t)-951, (int16_t)-398, (int16_t)961, (int16_t)-1508, (int16_t)-725, (int16_t)448, (int16_t)-1065, (int16_t)677, (int16_t)-1275, (int16_t)-1103, (int16_t)430, (int16_t)555, (int16_t)843, (int16_t)-1251, (int16_t)871, (int16_t)1550, (int16_t)105, (int16_t)422, (int16_t)587, (int16_t)177, (int16_t)-235, (int16_t)-291, (int16_t)-460, (int16_t)1574, (int16_t)1653, (int16_t)-246, (int16_t)778, (int16_t)1159, (int16_t)-147, (int16_t)-777, (int16_t)1483, (int16_t)-602, (int16_t)1119, (int16_t)-1590, (int16_t)644, (int16_t)-872, (int16_t)349, (int16_t)418, (int16_t)329, (int16_t)-156, (int16_t)-75, (int16_t)817, (int16_t)1097, (int16_t)603, (int16_t)610, (int16_t)1322, (int16_t)-1285, (int16_t)-1465, (int16_t)384, (int16_t)-1215, (int16_t)-136, (int16_t)1218, (int16_t)-1335, (int16_t)-874, (int16_t)220, (int16_t)-1187, (int16_t)-1659, (int16_t)-1185, (int16_t)-1530, (int16_t)-1278, (int16_t)794, (int16_t)-1510, (int16_t)-854, (int16_t)-870, (int16_t)478, (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_zeta(size_t i) { return libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[i]; } #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT ((size_t)16U) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS ((int16_t)3329) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; Result_0a dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice3(array, (size_t)0U, (size_t)16U, int16_t *), Eurydice_slice, int16_t[16U], TryFromSliceError); unwrap_26_00(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_b8(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array( libcrux_secrets_int_classify_public_classify_ref_9b_39(array)); } typedef struct int16_t_x8_s { int16_t fst; int16_t snd; int16_t thd; int16_t f3; int16_t f4; int16_t f5; int16_t f6; int16_t f7; } int16_t_x8; static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; int16_t buf[16U] = {0U}; libcrux_secrets_int_public_integers_classify_27_46(buf, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ZERO_b8(void) { return libcrux_ml_kem_vector_portable_vector_type_zero(); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_add( libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } return lhs; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_add_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_sub( libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; } return lhs; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_sub_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; vec.elements[uu____0] = vec.elements[uu____0] * c; } return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_multiply_by_constant_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c); } /** Note: This function is not secret independent Only use with public values. */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; if (libcrux_secrets_int_public_integers_declassify_d8_39( vec.elements[i0]) >= (int16_t)3329) { size_t uu____0 = i0; vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; } } return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_cond_subtract_3329_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ ((int32_t)20159) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT ((int32_t)26) #define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R \ ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT) /** Signed Barrett Reduction Given an input `value`, `barrett_reduce` outputs a representative `result` such that: - result ≡ value (mod FIELD_MODULUS) - the absolute value of `result` is bound as follows: `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = libcrux_secrets_int_as_i32_f5(value) * LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + (LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R >> 1U); int16_t quotient = libcrux_secrets_int_as_i16_36( t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t vi = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( vec.elements[i0]); vec.elements[i0] = vi; } return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_barrett_reduce_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) { return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(vector); } #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) /** Signed Montgomery Reduction Given an input `value`, `montgomery_reduce` outputs a representative `o` such that: - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = libcrux_secrets_int_as_i32_f5(libcrux_secrets_int_as_i16_36(value)) * libcrux_secrets_int_as_i32_b8( libcrux_secrets_int_public_integers_classify_27_df( LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); int32_t k_times_modulus = libcrux_secrets_int_as_i32_f5(libcrux_secrets_int_as_i16_36(k)) * libcrux_secrets_int_as_i32_f5( libcrux_secrets_int_public_integers_classify_27_39( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); int16_t c = libcrux_secrets_int_as_i16_36( k_times_modulus >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); int16_t value_high = libcrux_secrets_int_as_i16_36( value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); return value_high - c; } /** If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to `x · y`, as follows: `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. */ static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { int32_t product = libcrux_secrets_int_as_i32_f5(fe) * libcrux_secrets_int_as_i32_f5(fer); return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( product); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( vec.elements[i0], c); } return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector vector, int16_t constant) { return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( vector, libcrux_secrets_int_public_integers_classify_27_39(constant)); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; vec.elements[uu____0] = vec.elements[uu____0] & c; } return vec; } /** A monomorphic instance of libcrux_ml_kem.vector.portable.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; vec.elements[i0] = vec.elements[i0] >> (uint32_t)(int32_t)15; } return vec; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_arithmetic_shift_right_ef(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_portable_arithmetic_add(a, &fm); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_to_unsigned_representative_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_arithmetic_to_unsigned_representative( a); } /** The `compress_*` functions implement the `Compress` function specified in the NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: ```plaintext Compress_d: ℤq -> ℤ_{2ᵈ} Compress_d(x) = ⌈(2ᵈ/q)·x⌋ ``` Since `⌈x⌋ = ⌊x + 1/2⌋` we have: ```plaintext Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ = ⌊(2^{d+1}·x + q) / 2q⌋ ``` For further information about the function implementations, consult the `implementation_notes.pdf` document in this directory. The NIST FIPS 203 standard can be found at . */ static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = libcrux_secrets_int_public_integers_classify_27_39((int16_t)1664) - libcrux_secrets_int_as_i16_ca(fe); int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; int16_t r0 = shifted_positive_in_range >> 15U; int16_t r1 = r0 & (int16_t)1; return libcrux_secrets_int_as_u8_f5(r1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_compress_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; a.elements[i0] = libcrux_secrets_int_as_i16_59( libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( libcrux_secrets_int_as_u16_f5(a.elements[i0]))); } return a; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_1_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_compress_compress_1(a); } static KRML_MUSTINLINE uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value) { return value & ((1U << (uint32_t)n) - 1U); } static inline int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { uint64_t compressed = libcrux_secrets_int_as_u64_ca(fe) << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; return libcrux_secrets_int_as_i16_b8( libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( coefficient_bits, libcrux_secrets_int_as_u32_a3(compressed))); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_decompress_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_vector_type_zero(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = libcrux_ml_kem_vector_portable_arithmetic_sub(z, &a); libcrux_ml_kem_vector_portable_vector_type_PortableVector res = libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( s, (int16_t)1665); return res; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_decompress_1_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_compress_decompress_1(a); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( vec->elements[j], libcrux_secrets_int_public_integers_classify_27_39(zeta)); int16_t a_minus_t = vec->elements[i] - t; int16_t a_plus_t = vec->elements[i] + t; vec->elements[j] = a_minus_t; vec->elements[i] = a_plus_t; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t zeta0, int16_t zeta1) { libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t zeta) { libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)0U, (size_t)8U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)1U, (size_t)9U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t a_minus_b = vec->elements[j] - vec->elements[i]; int16_t a_plus_b = vec->elements[j] + vec->elements[i]; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( a_plus_b); int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, libcrux_secrets_int_public_integers_classify_27_39(zeta)); vec->elements[i] = o0; vec->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( a, zeta0, zeta1, zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t zeta0, int16_t zeta1) { libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t zeta) { libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)0U, (size_t)8U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)1U, (size_t)9U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); return vec; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } /** Compute the product of two Kyber binomials with respect to the modulus `X² - zeta`. This function almost implements Algorithm 11 of the NIST FIPS 203 standard, which is reproduced below: ```plaintext Input: a₀, a₁, b₀, b₁ ∈ ℤq. Input: γ ∈ ℤq. Output: c₀, c₁ ∈ ℤq. c₀ ← a₀·b₀ + a₁·b₁·γ c₁ ← a₀·b₁ + a₁·b₀ return c₀, c₁ ``` We say "almost" because the coefficients output by this function are in the Montgomery domain (unlike in the specification). The NIST FIPS 203 standard can be found at . */ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { int16_t ai = a->elements[(size_t)2U * i]; int16_t bi = b->elements[(size_t)2U * i]; int16_t aj = a->elements[(size_t)2U * i + (size_t)1U]; int16_t bj = b->elements[(size_t)2U * i + (size_t)1U]; int32_t ai_bi = libcrux_secrets_int_as_i32_f5(ai) * libcrux_secrets_int_as_i32_f5(bi); int32_t aj_bj_ = libcrux_secrets_int_as_i32_f5(aj) * libcrux_secrets_int_as_i32_f5(bj); int16_t aj_bj = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( aj_bj_); int32_t aj_bj_zeta = libcrux_secrets_int_as_i32_f5(aj_bj) * libcrux_secrets_int_as_i32_f5(zeta); int32_t ai_bi_aj_bj = ai_bi + aj_bj_zeta; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( ai_bi_aj_bj); int32_t ai_bj = libcrux_secrets_int_as_i32_f5(ai) * libcrux_secrets_int_as_i32_f5(bj); int32_t aj_bi = libcrux_secrets_int_as_i32_f5(aj) * libcrux_secrets_int_as_i32_f5(bi); int32_t ai_bj_aj_bi = ai_bj + aj_bi; int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( ai_bj_aj_bi); out->elements[(size_t)2U * i] = o0; out->elements[(size_t)2U * i + (size_t)1U] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_multiply( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { int16_t nzeta0 = -zeta0; int16_t nzeta1 = -zeta1; int16_t nzeta2 = -zeta2; int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta0), (size_t)0U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta0), (size_t)1U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta1), (size_t)2U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta1), (size_t)3U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta2), (size_t)4U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta2), (size_t)5U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(zeta3), (size_t)6U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, libcrux_secrets_int_public_integers_classify_27_39(nzeta3), (size_t)7U, &out); return out; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_multiply_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]) { uint8_t result0 = (((((((uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[0U]) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[1U]) << 1U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[2U]) << 2U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[3U]) << 3U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[4U]) << 4U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[5U]) << 5U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[6U]) << 6U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[7U]) << 7U; uint8_t result1 = (((((((uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[8U]) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[9U]) << 1U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[10U]) << 2U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[11U]) << 3U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[12U]) << 4U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[13U]) << 5U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[14U]) << 6U) | (uint32_t)libcrux_secrets_int_as_u8_f5(v.elements[15U]) << 7U; ret[0U] = result0; ret[1U] = result1; } static inline void libcrux_ml_kem_vector_portable_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[2U]) { uint8_t ret0[2U]; libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret0); libcrux_secrets_int_public_integers_declassify_d8_d4(ret0, ret); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline void libcrux_ml_kem_vector_portable_serialize_1_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[2U]) { libcrux_ml_kem_vector_portable_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { int16_t result0 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) & 1U); int16_t result1 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 1U & 1U); int16_t result2 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 2U & 1U); int16_t result3 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 3U & 1U); int16_t result4 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 4U & 1U); int16_t result5 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 5U & 1U); int16_t result6 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 6U & 1U); int16_t result7 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, uint8_t *) >> 7U & 1U); int16_t result8 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) & 1U); int16_t result9 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 1U & 1U); int16_t result10 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 2U & 1U); int16_t result11 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 3U & 1U); int16_t result12 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 4U & 1U); int16_t result13 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 5U & 1U); int16_t result14 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 6U & 1U); int16_t result15 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, uint8_t *) >> 7U & 1U); return ( KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .elements = {result0, result1, result2, result3, result4, result5, result6, result7, result8, result9, result10, result11, result12, result13, result14, result15}}); } static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_1( libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_1_b8(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_deserialize_1(a); } typedef struct uint8_t_x4_s { uint8_t fst; uint8_t snd; uint8_t thd; uint8_t f3; } uint8_t_x4; static KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { uint8_t result0 = (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *)) << 4U | (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( v, (size_t)0U, int16_t, int16_t *)); uint8_t result1 = (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *)) << 4U | (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( v, (size_t)2U, int16_t, int16_t *)); uint8_t result2 = (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *)) << 4U | (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( v, (size_t)4U, int16_t, int16_t *)); uint8_t result3 = (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *)) << 4U | (uint32_t)libcrux_secrets_int_as_u8_f5(Eurydice_slice_index( v, (size_t)6U, int16_t, int16_t *)); return (KRML_CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[8U]) { uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)8U, int16_t *)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)16U, int16_t *)); ret[0U] = result0_3.fst; ret[1U] = result0_3.snd; ret[2U] = result0_3.thd; ret[3U] = result0_3.f3; ret[4U] = result4_7.fst; ret[5U] = result4_7.snd; ret[6U] = result4_7.thd; ret[7U] = result4_7.f3; } static inline void libcrux_ml_kem_vector_portable_serialize_4( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]) { uint8_t ret0[8U]; libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret0); libcrux_secrets_int_public_integers_declassify_d8_76(ret0, ret); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline void libcrux_ml_kem_vector_portable_serialize_4_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]) { libcrux_ml_kem_vector_portable_serialize_4(a, ret); } static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { int16_t v0 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & 15U); int16_t v1 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) >> 4U & 15U); int16_t v2 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & 15U); int16_t v3 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> 4U & 15U); int16_t v4 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & 15U); int16_t v5 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> 4U & 15U); int16_t v6 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & 15U); int16_t v7 = libcrux_secrets_int_as_i16_59( (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> 4U & 15U); return (KRML_CLITERAL(int16_t_x8){.fst = v0, .snd = v1, .thd = v2, .f3 = v3, .f4 = v4, .f5 = v5, .f6 = v6, .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)4U, uint8_t *)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice3(bytes, (size_t)4U, (size_t)8U, uint8_t *)); return ( KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .elements = {v0_7.fst, v0_7.snd, v0_7.thd, v0_7.f3, v0_7.f4, v0_7.f5, v0_7.f6, v0_7.f7, v8_15.fst, v8_15.snd, v8_15.thd, v8_15.f3, v8_15.f4, v8_15.f5, v8_15.f6, v8_15.f7}}); } static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_4( libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_4_b8(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_deserialize_4(a); } typedef struct uint8_t_x5_s { uint8_t fst; uint8_t snd; uint8_t thd; uint8_t f3; uint8_t f4; } uint8_t_x5; static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { uint8_t r0 = libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & (int16_t)255); uint8_t r1 = (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & (int16_t)63) << 2U | (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) & (int16_t)15) << 4U | (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) & (int16_t)3) << 6U | (uint32_t)libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 4U & (int16_t)63); uint8_t r4 = libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & (int16_t)255); return (KRML_CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)4U, int16_t *)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice3(v.elements, (size_t)4U, (size_t)8U, int16_t *)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)12U, int16_t *)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice3(v.elements, (size_t)12U, (size_t)16U, int16_t *)); ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; ret[3U] = r0_4.f3; ret[4U] = r0_4.f4; ret[5U] = r5_9.fst; ret[6U] = r5_9.snd; ret[7U] = r5_9.thd; ret[8U] = r5_9.f3; ret[9U] = r5_9.f4; ret[10U] = r10_14.fst; ret[11U] = r10_14.snd; ret[12U] = r10_14.thd; ret[13U] = r10_14.f3; ret[14U] = r10_14.f4; ret[15U] = r15_19.fst; ret[16U] = r15_19.snd; ret[17U] = r15_19.thd; ret[18U] = r15_19.f3; ret[19U] = r15_19.f4; } static inline void libcrux_ml_kem_vector_portable_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]) { uint8_t ret0[20U]; libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret0); libcrux_secrets_int_public_integers_declassify_d8_57(ret0, ret); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline void libcrux_ml_kem_vector_portable_serialize_10_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]) { libcrux_ml_kem_vector_portable_serialize_10(a, ret); } static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { int16_t r0 = libcrux_secrets_int_as_i16_f5( (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) & (int16_t)3) << 8U | (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)) & (int16_t)255)); int16_t r1 = libcrux_secrets_int_as_i16_f5( (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) & (int16_t)15) << 6U | libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)) >> 2U); int16_t r2 = libcrux_secrets_int_as_i16_f5( (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) & (int16_t)63) << 4U | libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)) >> 4U); int16_t r3 = libcrux_secrets_int_as_i16_f5( libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *)) << 2U | libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *)) >> 6U); int16_t r4 = libcrux_secrets_int_as_i16_f5( (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) & (int16_t)3) << 8U | (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *)) & (int16_t)255)); int16_t r5 = libcrux_secrets_int_as_i16_f5( (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) & (int16_t)15) << 6U | libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *)) >> 2U); int16_t r6 = libcrux_secrets_int_as_i16_f5( (libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) & (int16_t)63) << 4U | libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)) >> 4U); int16_t r7 = libcrux_secrets_int_as_i16_f5( libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *)) << 2U | libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *)) >> 6U); return (KRML_CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4, .f5 = r5, .f6 = r6, .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)10U, uint8_t *)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice3(bytes, (size_t)10U, (size_t)20U, uint8_t *)); return ( KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .elements = {v0_7.fst, v0_7.snd, v0_7.thd, v0_7.f3, v0_7.f4, v0_7.f5, v0_7.f6, v0_7.f7, v8_15.fst, v8_15.snd, v8_15.thd, v8_15.f3, v8_15.f4, v8_15.f5, v8_15.f6, v8_15.f7}}); } static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_10( libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_10_b8(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_deserialize_10(a); } typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; uint8_t thd; } uint8_t_x3; static KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & (int16_t)255); uint8_t r1 = libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & (int16_t)15) << 4U); uint8_t r2 = libcrux_secrets_int_as_u8_f5( Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & (int16_t)255); return (KRML_CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)0U, (size_t)2U, int16_t *)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)2U, (size_t)4U, int16_t *)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)4U, (size_t)6U, int16_t *)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)6U, (size_t)8U, int16_t *)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)8U, (size_t)10U, int16_t *)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)10U, (size_t)12U, int16_t *)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)12U, (size_t)14U, int16_t *)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice3(v.elements, (size_t)14U, (size_t)16U, int16_t *)); ret[0U] = r0_2.fst; ret[1U] = r0_2.snd; ret[2U] = r0_2.thd; ret[3U] = r3_5.fst; ret[4U] = r3_5.snd; ret[5U] = r3_5.thd; ret[6U] = r6_8.fst; ret[7U] = r6_8.snd; ret[8U] = r6_8.thd; ret[9U] = r9_11.fst; ret[10U] = r9_11.snd; ret[11U] = r9_11.thd; ret[12U] = r12_14.fst; ret[13U] = r12_14.snd; ret[14U] = r12_14.thd; ret[15U] = r15_17.fst; ret[16U] = r15_17.snd; ret[17U] = r15_17.thd; ret[18U] = r18_20.fst; ret[19U] = r18_20.snd; ret[20U] = r18_20.thd; ret[21U] = r21_23.fst; ret[22U] = r21_23.snd; ret[23U] = r21_23.thd; } static inline void libcrux_ml_kem_vector_portable_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[24U]) { uint8_t ret0[24U]; libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret0); libcrux_secrets_int_public_integers_declassify_d8_d2(ret0, ret); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline void libcrux_ml_kem_vector_portable_serialize_12_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[24U]) { libcrux_ml_kem_vector_portable_serialize_12(a, ret); } typedef struct int16_t_x2_s { int16_t fst; int16_t snd; } int16_t_x2; static KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { int16_t byte0 = libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); int16_t byte1 = libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); int16_t byte2 = libcrux_secrets_int_as_i16_59( Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *)); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (KRML_CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)0U, (size_t)3U, uint8_t *)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)3U, (size_t)6U, uint8_t *)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)6U, (size_t)9U, uint8_t *)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)9U, (size_t)12U, uint8_t *)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)12U, (size_t)15U, uint8_t *)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)15U, (size_t)18U, uint8_t *)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)18U, (size_t)21U, uint8_t *)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice3(bytes, (size_t)21U, (size_t)24U, uint8_t *)); return ( KRML_CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .elements = {v0_1.fst, v0_1.snd, v2_3.fst, v2_3.snd, v4_5.fst, v4_5.snd, v6_7.fst, v6_7.snd, v8_9.fst, v8_9.snd, v10_11.fst, v10_11.snd, v12_13.fst, v12_13.snd, v14_15.fst, v14_15.snd}}); } static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_12( libcrux_secrets_int_classify_public_classify_ref_9b_90(a)); } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_12_b8(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_deserialize_12(a); } static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; } } if (d2 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d2; sampled++; } } } return sampled; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ static inline size_t libcrux_ml_kem_vector_portable_rej_sample_b8( Eurydice_slice a, Eurydice_slice out) { return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR ((size_t)10U) #define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE \ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_RANK ((size_t)3U) #define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE * LIBCRUX_ML_KEM_MLKEM768_RANK) #define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR ((size_t)4U) #define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE \ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE) #define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_RANK * \ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE + (size_t)32U) #define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_RANK * \ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) #define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) #define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) #define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE) typedef libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_mlkem768_MlKem768PrivateKey; typedef libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_mlkem768_MlKem768PublicKey; #define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT \ (LIBCRUX_ML_KEM_MLKEM768_RANK * \ LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) #define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE \ (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE + \ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_portable_vector_type_PortableVector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_1d; /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $3size_t */ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_ZERO_d6_ea(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector repeat_expression[16U]; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { repeat_expression[i] = libcrux_ml_kem_vector_portable_ZERO_b8(); } memcpy(lit.coefficients, repeat_expression, (size_t)16U * sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); return lit; } /** This function found in impl {core::ops::function::FnMut<(usize), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]> for libcrux_ml_kem::ind_cpa::decrypt::closure[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt.call_mut_0b with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - VECTOR_U_ENCODED_SIZE= 960 - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(void **_, size_t tupled_args) { return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice3(serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_b8(bytes); re.coefficients[i0] = uu____0; } return re; } /** Call [`deserialize_to_uncompressed_ring_element`] for each ring element. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_vector with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_vector_1b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ea( Eurydice_slice_subslice3( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t *)); secret_as_ntt[i0] = uu____0; } } /** This function found in impl {core::ops::function::FnMut<(usize), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]> for libcrux_ml_kem::ind_cpa::deserialize_then_decompress_u::closure[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.call_mut_35 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c( void **_, size_t tupled_args) { return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = libcrux_secrets_int_as_i32_f5(a.elements[i0]) * libcrux_secrets_int_as_i32_f5( libcrux_secrets_int_public_integers_classify_27_39( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); a.elements[i0] = libcrux_secrets_int_as_i16_36(decompressed); } return a; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** A monomorphic instance of libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_ef( a); } /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice3(serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_b8(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_ef( coefficient); re.coefficients[i0] = uu____0; } return re; } /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a( Eurydice_slice serialized) { return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ea(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector snd; } libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2; /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_b8(a, &t); a = libcrux_ml_kem_vector_portable_add_b8(a, &t); return (KRML_CLITERAL( libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){.fst = a, .snd = b}); } /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; size_t offset = round * step * (size_t)2U; size_t offset_vec = offset / (size_t)16U; size_t step_vec = step / (size_t)16U; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = libcrux_ml_kem_ntt_ntt_layer_int_vec_step_ea( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } } } /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_3_step_b8( re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_b8( re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_b8( re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)1U), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)2U), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_b8( myself->coefficients[i0]); myself->coefficients[i0] = uu____0; } } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) { libcrux_ml_kem_polynomial_poly_barrett_reduce_ea(self); } /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)7U, (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U, (size_t)2U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U, (size_t)3U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_3_ea(&zeta_i, re, (size_t)5U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_ea(&zeta_i, re, (size_t)7U * (size_t)3328U); libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re); } /** Call [`deserialize_then_decompress_ring_element_u`] on each ring element in the `ciphertext`. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; u_as_ntt[i] = libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_call_mut_35_6c( &lvalue, i); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { size_t i0 = i; Eurydice_slice u_bytes = Eurydice_array_to_subslice3( ciphertext, i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t *); u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_0a( u_bytes); libcrux_ml_kem_ntt_ntt_vector_u_0a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int32_t decompressed = libcrux_secrets_int_as_i32_f5(a.elements[i0]) * libcrux_secrets_int_as_i32_f5( libcrux_secrets_int_public_integers_classify_27_39( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)4); decompressed = decompressed >> (uint32_t)((int32_t)4 + (int32_t)1); a.elements[i0] = libcrux_secrets_int_as_i16_36(decompressed); } return a; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** A monomorphic instance of libcrux_ml_kem.vector.portable.decompress_ciphertext_coefficient_b8 with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_d1( a); } /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice3( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_b8(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_b8_d1( coefficient); re.coefficients[i0] = uu____0; } return re; } /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89( Eurydice_slice serialized) { return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ea(serialized); } /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_ZERO_ea(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector repeat_expression[16U]; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { repeat_expression[i] = libcrux_ml_kem_vector_portable_ZERO_b8(); } memcpy(lit.coefficients, repeat_expression, (size_t)16U * sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); return lit; } /** Given two `KyberPolynomialRingElement`s in their NTT representations, compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: ```plaintext ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - ζ^(2·BitRev₇(i) + 1)) ``` This function almost implements Algorithm 10 of the NIST FIPS 203 standard, which is reproduced below: ```plaintext Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. Output: An array ĥ ∈ ℤq. for(i ← 0; i < 128; i++) (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], ζ^(2·BitRev₇(i) + 1)) end for return ĥ ``` We say "almost" because the coefficients of the ring element output by this function are in the Montgomery domain. The NIST FIPS 203 standard can be found at . */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_ntt_multiply_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = libcrux_ml_kem_polynomial_ZERO_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_multiply_b8( &myself->coefficients[i0], &rhs->coefficients[i0], libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0), libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 + (size_t)1U), libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 + (size_t)2U), libcrux_ml_kem_polynomial_zeta((size_t)64U + (size_t)4U * i0 + (size_t)3U)); out.coefficients[i0] = uu____0; } return out; } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_ntt_multiply_d6_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { return libcrux_ml_kem_polynomial_ntt_multiply_ea(self, rhs); } /** Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise sum of their constituent coefficients. */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, myself->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_add_b8(myself->coefficients[i0], &rhs->coefficients[i0]); myself->coefficients[i0] = uu____0; } } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { libcrux_ml_kem_polynomial_add_to_ring_element_1b(self, rhs); } /** A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_b8( re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)2U), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } /** A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_b8( re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } /** A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_b8( re->coefficients[round], libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } /** A monomorphic instance of libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b = libcrux_ml_kem_vector_portable_sub_b8(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_b8( libcrux_ml_kem_vector_portable_add_b8(a, &b)); b = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( a_minus_b, zeta_r); return (KRML_CLITERAL( libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){.fst = a, .snd = b}); } /** A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; size_t offset_vec = offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; size_t step_vec = step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ea( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } } } /** A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ea(&zeta_i, re); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(&zeta_i, re); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ea(&zeta_i, re); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)4U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re); } /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_subtract_reduce_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( b.coefficients[i0], (int16_t)1441); libcrux_ml_kem_vector_portable_vector_type_PortableVector diff = libcrux_ml_kem_vector_portable_sub_b8(myself->coefficients[i0], &coefficient_normal_form); libcrux_ml_kem_vector_portable_vector_type_PortableVector red = libcrux_ml_kem_vector_portable_barrett_reduce_b8(diff); b.coefficients[i0] = red; } return b; } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_subtract_reduce_d6_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) { return libcrux_ml_kem_polynomial_subtract_reduce_ea(self, b); } /** The following functions compute various expressions involving vectors and matrices. The computation of these expressions has been abstracted away into these functions in order to save on loop iterations. Compute v − InverseNTT(sᵀ ◦ NTT(u)) */ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_matrix_compute_message_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&secret_as_ntt[i0], &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result); return libcrux_ml_kem_polynomial_subtract_reduce_d6_ea(v, result); } /** A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_to_unsigned_representative_b8(a); } /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_message_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_b8(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_b8(coefficient_compressed, bytes); Eurydice_slice_copy( Eurydice_array_to_subslice3(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t *), Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } /** This function implements Algorithm 14 of the NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. Algorithm 14 is reproduced below: ```plaintext Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. Output: message m ∈ 𝔹^{32}. c₁ ← c[0 : 32dᵤk] c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) ŝ ← ByteDecode₁₂(dkₚₖₑ) w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) m ← ByteEncode₁(Compress₁(w)) return m ``` The NIST FIPS 203 standard can be found at . */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - VECTOR_U_ENCODED_SIZE= 960 - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_unpacked_42( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_89( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, uint8_t[])); libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = libcrux_ml_kem_matrix_compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; libcrux_ml_kem_serialize_compress_then_serialize_message_ea(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - VECTOR_U_ENCODED_SIZE= 960 - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_decrypt_42( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; ret0[i] = libcrux_ml_kem_ind_cpa_decrypt_call_mut_0b_42(&lvalue, i); } memcpy( secret_key_unpacked.secret_as_ntt, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); libcrux_ml_kem_ind_cpa_deserialize_vector_1b( secret_key, secret_key_unpacked.secret_as_ntt); uint8_t ret1[32U]; libcrux_ml_kem_ind_cpa_decrypt_unpacked_42(&secret_key_unpacked, ciphertext, ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_4a with const generics - K= 3 */ static inline void libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ static inline void libcrux_ml_kem_hash_functions_portable_PRF_9e( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_4a with const generics - K= 3 - LEN= 32 */ static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_41( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_PRF_9e(input, ret); } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $3size_t */ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U]; uint8_t seed_for_A[32U]; libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; /** This function found in impl {core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8b with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_ea(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d repeat_expression0[3U][3U]; for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d repeat_expression[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { repeat_expression[i] = libcrux_ml_kem_polynomial_ZERO_d6_ea(); } memcpy(repeat_expression0[i0], repeat_expression, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } memcpy(lit.A, repeat_expression0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U])); return lit; } /** Only use with public values. This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`. */ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice3(serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t *); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_b8(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_cond_subtract_3329_b8(coefficient); re.coefficients[i0] = uu____0; } return re; } /** See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; Eurydice_slice ring_element = Eurydice_slice_subslice3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t *); libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ea( ring_element); deserialized_pk[i0] = uu____0; } } /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics - $3size_t */ typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_88_s { libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U]; } libcrux_ml_kem_hash_functions_portable_PortableHash_88; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const generics - K= 3 */ static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0( uint8_t (*input)[34U]) { libcrux_ml_kem_hash_functions_portable_PortableHash_88 shake128_state; libcrux_sha3_generic_keccak_KeccakState_17 repeat_expression[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { repeat_expression[i] = libcrux_sha3_portable_incremental_shake128_init(); } memcpy(shake128_state.shake128_state, repeat_expression, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_absorb_final( &shake128_state.shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)); } return shake128_state; } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_4a with const generics - K= 3 */ static inline libcrux_ml_kem_hash_functions_portable_PortableHash_88 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0( uint8_t (*input)[34U]) { return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_e0( input); } /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ static inline void libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0( libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_4a with const generics - K= 3 */ static inline void libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0( libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self, uint8_t ret[3U][504U]) { libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_e0( self, ret); } /** If `bytes` contains a set of uniformly random bytes, this function uniformly samples a ring element `â` that is treated as being the NTT representation of the corresponding polynomial `a`. Since rejection sampling is used, it is possible the supplied bytes are not enough to sample the element, in which case an `Err` is returned and the caller must try again with a fresh set of bytes. This function partially implements Algorithm 6 of the NIST FIPS 203 standard, We say "partially" because this implementation only accepts a finite set of bytes as input and returns an error if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other hand samples from an infinite stream of bytes until the ring element is filled. Algorithm 6 is reproduced below: ```plaintext Input: byte stream B ∈ 𝔹*. Output: array â ∈ ℤ₂₅₆. i ← 0 j ← 0 while j < 256 do d₁ ← B[i] + 256·(B[i+1] mod 16) d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] if d₁ < q then â[j] ← d₁ j ← j + 1 end if if d₂ < q and j < 256 then â[j] ← d₂ j ← j + 1 end if i ← i + 3 end while return â ``` The NIST FIPS 203 standard can be found at . */ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ static KRML_MUSTINLINE bool libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( uint8_t (*randomness)[504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_b8( Eurydice_array_to_subslice3(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t *), Eurydice_array_to_subslice3(out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t *)); size_t uu____0 = i1; sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; } } } bool done = true; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; } else { done = false; } } return done; } /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ static inline void libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0( libcrux_ml_kem_hash_functions_portable_PortableHash_88 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( &st->shake128_state[i0], Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_4a with const generics - K= 3 */ static inline void libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0( libcrux_ml_kem_hash_functions_portable_PortableHash_88 *self, uint8_t ret[3U][168U]) { libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e0(self, ret); } /** If `bytes` contains a set of uniformly random bytes, this function uniformly samples a ring element `â` that is treated as being the NTT representation of the corresponding polynomial `a`. Since rejection sampling is used, it is possible the supplied bytes are not enough to sample the element, in which case an `Err` is returned and the caller must try again with a fresh set of bytes. This function partially implements Algorithm 6 of the NIST FIPS 203 standard, We say "partially" because this implementation only accepts a finite set of bytes as input and returns an error if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other hand samples from an infinite stream of bytes until the ring element is filled. Algorithm 6 is reproduced below: ```plaintext Input: byte stream B ∈ 𝔹*. Output: array â ∈ ℤ₂₅₆. i ← 0 j ← 0 while j < 256 do d₁ ← B[i] + 256·(B[i+1] mod 16) d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] if d₁ < q then â[j] ← d₁ j ← j + 1 end if if d₂ < q and j < 256 then â[j] ← d₂ j ← j + 1 end if i ← i + 3 end while return â ``` The NIST FIPS 203 standard can be found at . */ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ static KRML_MUSTINLINE bool libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( uint8_t (*randomness)[168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_b8( Eurydice_array_to_subslice3(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t *), Eurydice_array_to_subslice3(out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t *)); size_t uu____0 = i1; sampled_coefficients[uu____0] = sampled_coefficients[uu____0] + sampled; } } } bool done = true; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; if (sampled_coefficients[i0] >= LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { sampled_coefficients[i0] = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; } else { done = false; } } return done; } /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_from_i16_array_ea(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = libcrux_ml_kem_polynomial_ZERO_ea(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_b8( Eurydice_slice_subslice3(a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t *)); result.coefficients[i0] = uu____0; } return result; } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_from_i16_array_d6_ea(Eurydice_slice a) { return libcrux_ml_kem_polynomial_from_i16_array_ea(a); } /** This function found in impl {core::ops::function::FnMut<(@Array), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@2]> for libcrux_ml_kem::sampling::sample_from_xof::closure[TraitClause@0, TraitClause@1, TraitClause@2, TraitClause@3]} */ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.call_mut_e7 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b( void **_, int16_t tupled_args[272U]) { int16_t s[272U]; memcpy(s, tupled_args, (size_t)272U * sizeof(int16_t)); return libcrux_ml_kem_polynomial_from_i16_array_d6_ea( Eurydice_array_to_subslice3(s, (size_t)0U, (size_t)256U, int16_t *)); } /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t (*seeds)[34U], libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; libcrux_ml_kem_hash_functions_portable_PortableHash_88 xof_state = libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_4a_e0( seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_4a_e0( &xof_state, randomness0); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_4a_e0( &xof_state, randomness); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_call_mut_e7_2b( &lvalue, copy_of_out[i]); } memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[3U], uint8_t *seed, bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { core_array__core__clone__Clone_for__Array_T__N___clone( (size_t)34U, seed, seeds[i], uint8_t, void *); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[3U]; libcrux_ml_kem_sampling_sample_from_xof_2b(seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { A_transpose[i1][j] = sample; } } } } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - T_AS_NTT_ENCODED_SIZE= 1152 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f( Eurydice_slice public_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_slice_subslice_to( public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]); libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b( uu____0, unpacked_public_key->t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)1152U, uint8_t, size_t, uint8_t[]); libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] = unpacked_public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_b6(seed, ret); libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, false); } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.build_unpacked_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - T_AS_NTT_ENCODED_SIZE= 1152 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f( Eurydice_slice public_key) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(); libcrux_ml_kem_ind_cpa_build_unpacked_public_key_mut_3f(public_key, &unpacked_public_key); return unpacked_public_key; } /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector */ typedef struct tuple_ed_s { libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[3U]; libcrux_ml_kem_polynomial_PolynomialRingElement_1d snd; } tuple_ed; /** This function found in impl {core::ops::function::FnMut<(usize), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure[TraitClause@0, TraitClause@1, TraitClause@2, TraitClause@3]} */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_f1 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - C1_LEN= 960 - U_COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(void **_, size_t tupled_args) { return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics - K= 3 - LEN= 128 */ static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_41( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_4a with const generics - K= 3 - LEN= 128 */ static inline void libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { libcrux_ml_kem_hash_functions_portable_PRFxN_41(input, ret); } /** Given a series of uniformly random bytes in `randomness`, for some number `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring element from a binomial distribution centered at 0 that uses two sets of `eta` coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: ```plaintext - If v < 0, Pr[v] = Pr[-v] - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) ``` The values `v < 0` are mapped to the appropriate `KyberFieldElement`. The expected value is: ```plaintext E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. ``` And the variance is: ```plaintext Var(X) = E[(X - E[X])^2] = E[X^2] = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2^(2 * ETA)) = ETA / 2 ``` This function implements Algorithm 7 of the NIST FIPS 203 standard, which is reproduced below: ```plaintext Input: byte array B ∈ 𝔹^{64η}. Output: array f ∈ ℤ₂₅₆. b ← BytesToBits(B) for (i ← 0; i < 256; i++) x ← ∑(j=0 to η - 1) b[2iη + j] y ← ∑(j=0 to η - 1) b[2iη + η + j] f[i] ← x−y mod q end for return f ``` The NIST FIPS 203 standard can be found at . */ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice3( randomness, chunk_number * (size_t)4U, chunk_number * (size_t)4U + (size_t)4U, uint8_t *); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; for (uint32_t i = 0U; i < 32U / 4U; i++) { uint32_t outcome_set = i; uint32_t outcome_set0 = outcome_set * 4U; int16_t outcome_1 = (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); size_t offset = (size_t)(outcome_set0 >> 2U); sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } return libcrux_ml_kem_polynomial_from_i16_array_d6_ea( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_slice randomness) { return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( randomness); } /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_b8( re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_b8(re->coefficients[j], &t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_b8(re->coefficients[j], &t); re->coefficients[j] = uu____1; } } /** A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re); size_t zeta_i = (size_t)1U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)6U, (size_t)11207U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea(&zeta_i, re, (size_t)5U, (size_t)11207U + (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ea( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_3_ea( &zeta_i, re, (size_t)11207U + (size_t)3U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_2_ea( &zeta_i, re, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_ea( &zeta_i, re, (size_t)11207U + (size_t)5U * (size_t)3328U); libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_ea(re); } /** Sample a vector of ring elements from a centered binomial distribution and convert them into their NTT representations. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE uint8_t libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt, uint8_t *prf_input, uint8_t domain_separator) { uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { core_array__core__clone__Clone_for__Array_T__N___clone( (size_t)33U, prf_input, prf_inputs[i], uint8_t, void *); } domain_separator = libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator); uint8_t prf_outputs[3U][128U]; libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ea(&re_as_ntt[i0]); } return domain_separator; } /** This function found in impl {core::ops::function::FnMut<(usize), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@2]> for libcrux_ml_kem::ind_cpa::encrypt_c1::closure#1[TraitClause@0, TraitClause@1, TraitClause@2, TraitClause@3]} */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1.call_mut_dd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - C1_LEN= 960 - U_COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(void **_, size_t tupled_args) { return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** Sample a vector of ring elements from a centered binomial distribution. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ static KRML_MUSTINLINE uint8_t libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b( uint8_t *prf_input, uint8_t domain_separator, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1) { uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { core_array__core__clone__Clone_for__Array_T__N___clone( (size_t)33U, prf_input, prf_inputs[i], uint8_t, void *); } domain_separator = libcrux_ml_kem_utils_prf_input_inc_e0(prf_inputs, domain_separator); uint8_t prf_outputs[3U][128U]; libcrux_ml_kem_hash_functions_portable_PRFxN_4a_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____0; } return domain_separator; } /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ static inline void libcrux_ml_kem_hash_functions_portable_PRF_a6( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF_4a with const generics - K= 3 - LEN= 128 */ static inline void libcrux_ml_kem_hash_functions_portable_PRF_4a_410( Eurydice_slice input, uint8_t ret[128U]) { libcrux_ml_kem_hash_functions_portable_PRF_a6(input, ret); } /** This function found in impl {core::ops::function::FnMut<(usize), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]> for libcrux_ml_kem::matrix::compute_vector_u::closure[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.call_mut_a8 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(void **_, size_t tupled_args) { return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( myself->coefficients[j], (int16_t)1441); libcrux_ml_kem_vector_portable_vector_type_PortableVector sum = libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form, &error->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector red = libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum); myself->coefficients[j] = red; } } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { libcrux_ml_kem_polynomial_add_error_reduce_ea(self, error); } /** Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ */ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; result[i] = libcrux_ml_kem_matrix_compute_vector_u_call_mut_a8_1b(&lvalue, i); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]), libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(a_element, &r_as_ntt[j]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result[i1]); libcrux_ml_kem_polynomial_add_error_reduce_d6_ea(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_compress_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_secrets_int_as_i16_f5( libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( (uint8_t)(int32_t)10, libcrux_secrets_int_as_u16_f5(a.elements[i0]))); a.elements[i0] = uu____0; } return a; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8 with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_b8_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_compress_compress_ef(a); } /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_10_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_b8_ef( libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_b8(coefficient, bytes); Eurydice_slice_copy( Eurydice_array_to_subslice3(serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t *), Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; libcrux_ml_kem_serialize_compress_then_serialize_10_ff(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } /** Call [`compress_then_serialize_ring_element_u`] on each ring element. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - OUT_LEN= 960 - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice3( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t *); uint8_t ret[320U]; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fe(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c1 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - C1_LEN= 960 - U_COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_ed libcrux_ml_kem_ind_cpa_encrypt_c1_85( Eurydice_slice randomness, libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix)[3U], Eurydice_slice ciphertext) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_c8(randomness, prf_input); libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; r_as_ntt[i] = libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_f1_85(&lvalue, i); } uint8_t domain_separator0 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(r_as_ntt, prf_input, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; error_1[i] = libcrux_ml_kem_ind_cpa_encrypt_c1_call_mut_dd_85(&lvalue, i); } uint8_t domain_separator = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b( prf_input, domain_separator0, error_1); prf_input[32U] = domain_separator; uint8_t prf_output[128U]; libcrux_ml_kem_hash_functions_portable_PRF_4a_410( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U]; libcrux_ml_kem_matrix_compute_vector_u_1b(matrix, r_as_ntt, error_1, u); libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; memcpy( uu____0, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43(uu____0, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_r_as_ntt[3U]; memcpy( copy_of_r_as_ntt, r_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); tuple_ed lit; memcpy( lit.fst, copy_of_r_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); lit.snd = error_2; return lit; } /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea( uint8_t *serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_deserialize_1_b8( Eurydice_array_to_subslice3(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t *)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_decompress_1_b8(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; } /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_add_message_error_reduce_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message, libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( result.coefficients[i0], (int16_t)1441); libcrux_ml_kem_vector_portable_vector_type_PortableVector sum1 = libcrux_ml_kem_vector_portable_add_b8(myself->coefficients[i0], &message->coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector sum2 = libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form, &sum1); libcrux_ml_kem_vector_portable_vector_type_PortableVector red = libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum2); result.coefficients[i0] = red; } return result; } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message, libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) { return libcrux_ml_kem_polynomial_add_message_error_reduce_ea(self, message, result); } /** Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message */ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_matrix_compute_ring_element_v_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = libcrux_ml_kem_polynomial_ZERO_d6_ea(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(&t_as_ntt[i0], &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_1b(&result); return libcrux_ml_kem_polynomial_add_message_error_reduce_d6_ea( error_2, message, result); } /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.compress with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_compress_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_secrets_int_as_i16_f5( libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( (uint8_t)(int32_t)4, libcrux_secrets_int_as_u16_f5(a.elements[i0]))); a.elements[i0] = uu____0; } return a; } /** This function found in impl {libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector} */ /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress_b8 with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_b8_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { return libcrux_ml_kem_vector_portable_compress_compress_d1(a); } /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_4_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_b8_d1( libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_b8(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice3(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t *), Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) { libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out); } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_c2 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - V_COMPRESSION_FACTOR= 4 - C2_LEN= 128 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_c2_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2, uint8_t *message, Eurydice_slice ciphertext) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = libcrux_ml_kem_serialize_deserialize_then_decompress_message_ea(message); libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = libcrux_ml_kem_matrix_compute_ring_element_v_1b( t_as_ntt, r_as_ntt, error_2, &message_as_ring_element); libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6c( v, ciphertext); } /** This function implements Algorithm 13 of the NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. Algorithm 13 is reproduced below: ```plaintext Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. Input: message m ∈ 𝔹^{32}. Input: encryption randomness r ∈ 𝔹^{32}. Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. N ← 0 t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) ρ ← ekₚₖₑ[384k: 384k + 32] for (i ← 0; i < k; i++) for(j ← 0; j < k; j++) Â[i,j] ← SampleNTT(XOF(ρ, i, j)) end for end for for(i ← 0; i < k; i++) r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) N ← N + 1 end for for(i ← 0; i < k; i++) e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) N ← N + 1 end for e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) r̂ ← NTT(r) u ← NTT-¹(Âᵀ ◦ r̂) + e₁ μ ← Decompress₁(ByteDecode₁(m))) v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) return c ← (c₁ ‖ c₂) ``` The NIST FIPS 203 standard can be found at . */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_LEN= 960 - C2_LEN= 128 - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 - BLOCK_LEN= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t *message, Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t ciphertext[1088U] = {0U}; tuple_ed uu____0 = libcrux_ml_kem_ind_cpa_encrypt_c1_85( randomness, public_key->A, Eurydice_array_to_subslice3(ciphertext, (size_t)0U, (size_t)960U, uint8_t *)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U]; memcpy( r_as_ntt, uu____0.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____1 = public_key->t_as_ntt; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 = r_as_ntt; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____3 = &error_2; uint8_t *uu____4 = message; libcrux_ml_kem_ind_cpa_encrypt_c2_6c( uu____1, uu____2, uu____3, uu____4, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, uint8_t[])); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_LEN= 960 - C2_LEN= 128 - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 - BLOCK_LEN= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_encrypt_2a( Eurydice_slice public_key, uint8_t *message, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked_public_key = libcrux_ml_kem_ind_cpa_build_unpacked_public_key_3f(public_key); uint8_t ret0[1088U]; libcrux_ml_kem_ind_cpa_encrypt_unpacked_2a(&unpacked_public_key, message, randomness, ret0); memcpy(ret, ret0, (size_t)1088U * sizeof(uint8_t)); } /** This function found in impl {libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem} */ /** A monomorphic instance of libcrux_ml_kem.variant.kdf_39 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_39_d6( Eurydice_slice shared_secret, uint8_t *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } /** This code verifies on some machines, runs out of memory on others */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 - CIPHERTEXT_SIZE= 1088 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_SIZE= 960 - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 - C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_decapsulate_62( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x4 uu____0 = libcrux_ml_kem_types_unpack_private_key_b4( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t)); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice ind_cpa_public_key = uu____0.snd; Eurydice_slice ind_cpa_public_key_hash = uu____0.thd; Eurydice_slice implicit_rejection_value = uu____0.f3; uint8_t decrypted[32U]; libcrux_ml_kem_ind_cpa_decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, uint8_t[]), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, uint8_t[]); Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_d3_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_4a_41( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); uint8_t expected_ciphertext[1088U]; libcrux_ml_kem_ind_cpa_encrypt_2a(ind_cpa_public_key, decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_39_d6( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), libcrux_ml_kem_types_as_slice_a9_80(ciphertext), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; libcrux_ml_kem_variant_kdf_39_d6( shared_secret0, libcrux_ml_kem_types_as_slice_a9_80(ciphertext), shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_d3_80(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } /** Portable decapsulate */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 - CIPHERTEXT_SIZE= 1088 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_SIZE= 960 - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 - C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_62(private_key, ciphertext, ret); } /** Decapsulate ML-KEM 768 Generates an [`MlKemSharedSecret`]. The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. */ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_35( private_key, ciphertext, ret); } /** This function found in impl {libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem} */ /** A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_39 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_39_9c( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } /** This function found in impl {libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash} */ /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_4a with const generics - K= 3 */ static inline void libcrux_ml_kem_hash_functions_portable_H_4a_e0( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_SIZE= 960 - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 - C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca( libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) { uint8_t randomness0[32U]; libcrux_ml_kem_variant_entropy_preprocess_39_9c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, uint8_t[]); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_4a_e0( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_e6_d0(public_key), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t ciphertext[1088U]; libcrux_ml_kem_ind_cpa_encrypt_2a( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_e6_d0(public_key), uint8_t), randomness0, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); tuple_c2 lit; lit.fst = libcrux_ml_kem_types_from_e0_80(copy_of_ciphertext); uint8_t ret[32U]; libcrux_ml_kem_variant_kdf_39_d6(shared_secret, ciphertext, ret); memcpy(lit.snd, ret, (size_t)32U * sizeof(uint8_t)); return lit; } /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_SIZE= 960 - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 - C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_c2 libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd( libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t *randomness) { return libcrux_ml_kem_ind_cca_encapsulate_ca(public_key, randomness); } /** Encapsulate ML-KEM 768 Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cd( public_key, randomness); } /** This function found in impl {core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_70 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; libcrux_ml_kem_polynomial_PolynomialRingElement_1d repeat_expression[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { repeat_expression[i] = libcrux_ml_kem_polynomial_ZERO_d6_ea(); } memcpy( lit.secret_as_ntt, repeat_expression, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); return lit; } /** This function found in impl {libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem} */ /** A monomorphic instance of libcrux_ml_kem.variant.cpa_keygen_seed_39 with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_39_9c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( Eurydice_array_to_subslice3( seed, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *), key_generation_seed, uint8_t); seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; libcrux_ml_kem_hash_functions_portable_G_4a_e0( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } /** This function found in impl {core::ops::function::FnMut<(usize), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@3]> for libcrux_ml_kem::ind_cpa::generate_keypair_unpacked::closure[TraitClause@0, TraitClause@1, TraitClause@2, TraitClause@3, TraitClause@4, TraitClause@5]} */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked.call_mut_73 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 3 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c( void **_, size_t tupled_args) { return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** A monomorphic instance of libcrux_ml_kem.polynomial.to_standard_domain with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_polynomial_to_standard_domain_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector vector) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_b8( vector, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_standard_error_reduce_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *myself, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = libcrux_ml_kem_polynomial_to_standard_domain_ea( myself->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector sum = libcrux_ml_kem_vector_portable_add_b8(coefficient_normal_form, &error->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector red = libcrux_ml_kem_vector_portable_barrett_reduce_b8(sum); myself->coefficients[j] = red; } } /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { libcrux_ml_kem_polynomial_add_standard_error_reduce_ea(self, error); } /** Compute Â ◦ ŝ + ê */ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]), libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = libcrux_ml_kem_polynomial_ZERO_d6_ea(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i1++) { size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = libcrux_ml_kem_polynomial_ntt_multiply_d6_ea(matrix_element, &s_as_ntt[j]); libcrux_ml_kem_polynomial_add_to_ring_element_d6_1b(&t_as_ntt[i0], &product); } libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_ea( &t_as_ntt[i0], &error_as_ntt[i0]); } } /** This function implements most of Algorithm 12 of the NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. We say "most of" since Algorithm 12 samples the required randomness within the function itself, whereas this implementation expects it to be provided through the `key_generation_seed` parameter. Algorithm 12 is reproduced below: ```plaintext Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. d ←$ B (ρ,σ) ← G(d) N ← 0 for (i ← 0; i < k; i++) for(j ← 0; j < k; j++) Â[i,j] ← SampleNTT(XOF(ρ, i, j)) end for end for for(i ← 0; i < k; i++) s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) N ← N + 1 end for for(i ← 0; i < k; i++) e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) N ← N + 1 end for ŝ ← NTT(s) ê ← NTT(e) t̂ ← Â◦ŝ + ê ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ dkₚₖₑ ← ByteEncode₁₂(ŝ) ``` The NIST FIPS 203 standard can be found at . */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 3 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; libcrux_ml_kem_variant_cpa_keygen_seed_39_9c(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); libcrux_ml_kem_matrix_sample_matrix_A_2b(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, prf_input); uint8_t domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b( private_key->secret_as_ntt, prf_input, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; error_as_ntt[i] = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_call_mut_73_1c(&lvalue, i); } libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3b(error_as_ntt, prf_input, domain_separator); libcrux_ml_kem_matrix_compute_As_plus_e_1b( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____2[32U]; Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], TryFromSliceError); unwrap_26_b3(dst, uu____2); memcpy(public_key->seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); } /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_ea( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_b8(coefficient, bytes); Eurydice_slice_copy( Eurydice_array_to_subslice3(serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t *), Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } /** Call [`serialize_uncompressed_ring_element`] for each ring element. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_vector with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_vector_1b( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key, Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_1d), libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice3( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t *); uint8_t ret[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret, uint8_t), uint8_t); } } /** Concatenate `t` and `ρ` into the public key. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { libcrux_ml_kem_ind_cpa_serialize_vector_1b( t_as_ntt, Eurydice_array_to_subslice3( serialized, (size_t)0U, libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), uint8_t *)); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)1184U, serialized, libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), uint8_t, size_t, uint8_t[]), seed_for_a, uint8_t); } /** Concatenate `t` and `ρ` into the public key. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_89( libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; libcrux_ml_kem_ind_cpa_serialize_public_key_mut_89(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } /** Serialize the secret key from the unpacked key pair generation. */ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_unpacked_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key) { uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_89( public_key->t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key->seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U] = {0U}; libcrux_ml_kem_ind_cpa_serialize_vector_1b( private_key->secret_as_ntt, Eurydice_array_to_slice((size_t)1152U, secret_key_serialized, uint8_t)); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; memcpy(lit.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); memcpy(lit.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); return lit; } /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 3 - PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_70_1b(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8b_1b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1c( key_generation_seed, &private_key, &public_key); return libcrux_ml_kem_ind_cpa_serialize_unpacked_secret_key_6c(&public_key, &private_key); } /** Serialize the secret key. */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key_mut with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t *serialized) { size_t pointer = (size_t)0U; uint8_t *uu____0 = serialized; size_t uu____1 = pointer; size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice3( uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), uint8_t *), private_key, uint8_t); pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = serialized; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice3( uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), uint8_t *), public_key, uint8_t); pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice3( serialized, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t *); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_4a_e0(public_key, ret); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = serialized; size_t uu____8 = pointer; size_t uu____9 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice3( uu____7, uu____8, uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), uint8_t *), implicit_rejection_value, uint8_t); } /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; libcrux_ml_kem_ind_cca_serialize_kem_secret_key_mut_d6( private_key, public_key, implicit_rejection_value, out); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } /** Packed API Generate a key pair. Depending on the `Vector` and `Hasher` used, this requires different hardware features */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t *randomness) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice3( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t *); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, uint8_t[]); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_ea(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d6( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key = libcrux_ml_kem_types_from_77_28(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_74( uu____2, libcrux_ml_kem_types_from_fd_d0(copy_of_public_key)); } /** Portable generate key pair. */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce( uint8_t *randomness) { return libcrux_ml_kem_ind_cca_generate_keypair_15(randomness); } /** Generate ML-KEM 768 Key Pair */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ce( randomness); } /** This function found in impl {core::ops::function::FnMut<(usize), libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, TraitClause@1]> for libcrux_ml_kem::serialize::deserialize_ring_elements_reduced_out::closure[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.call_mut_0b with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1d libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b( void **_, size_t tupled_args) { return libcrux_ml_kem_polynomial_ZERO_d6_ea(); } /** This function deserializes ring elements and reduces the result by the field modulus. This function MUST NOT be used on secret inputs. */ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { /* original Rust expression is not an lvalue in C */ void *lvalue = (void *)0U; deserialized_pk[i] = libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_call_mut_0b_1b( &lvalue, i); } libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_1b( public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** Validate an ML-KEM public key. This implements the Modulus check in 7.2 2. Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the `public_key` type. */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_89( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_1b( Eurydice_array_to_subslice_to( (size_t)1184U, public_key, libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), uint8_t, size_t, uint8_t[]), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_89( uu____0, Eurydice_array_to_subslice_from( (size_t)1184U, public_key, libcrux_ml_kem_constants_ranked_bytes_per_ring_element((size_t)3U), uint8_t, size_t, uint8_t[]), public_key_serialized); return Eurydice_array_eq((size_t)1184U, public_key, public_key_serialized, uint8_t); } /** Public key validation */ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const generics - K= 3 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_89(public_key); } /** Validate a public key. Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) { return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_41( public_key->value); } #if defined(__cplusplus) } #endif #define libcrux_mlkem768_portable_H_DEFINED #endif /* libcrux_mlkem768_portable_H */ /* rename some types to be a bit more ergonomic */ #define libcrux_mlkem768_keypair libcrux_ml_kem_mlkem768_MlKem768KeyPair_s #define libcrux_mlkem768_pk libcrux_ml_kem_types_MlKemPublicKey_30_s #define libcrux_mlkem768_sk libcrux_ml_kem_types_MlKemPrivateKey_d9_s #define libcrux_mlkem768_ciphertext libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s #define libcrux_mlkem768_enc_result tuple_c2_s /* defines for PRNG inputs */ #define LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN 64U #define LIBCRUX_ML_KEM_ENC_PRNG_LEN 32