From 393d2d8508f1e7a7cb1b94dacd4151bc5b3d0480 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 19 Jun 2024 09:44:16 +0200 Subject: [PATCH 1/7] wip --- libcrux-ml-kem/src/vector/neon.rs | 9 +- libcrux-ml-kem/src/vector/neon/rejsample.rs | 33 - libcrux-ml-kem/src/vector/neon/simd128ops.rs | 852 ------------------- 3 files changed, 8 insertions(+), 886 deletions(-) delete mode 100644 libcrux-ml-kem/src/vector/neon/rejsample.rs delete mode 100644 libcrux-ml-kem/src/vector/neon/simd128ops.rs diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index a409ee1c2..ced188c61 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -3,9 +3,16 @@ use super::{Operations, FIELD_MODULUS}; // mod rejsample; +mod vector_type; +mod arithmetic; +mod compress; +mod ntt; +mod serialize; mod simd128ops; -pub(crate) use simd128ops::SIMD128Vector; +pub(crate) use vector_type::SIMD128Vector; +use vector_type::*; +use arithmetic::*; use simd128ops::*; // This is an empty shell, calling into standalone functions in `simd128ops`. diff --git a/libcrux-ml-kem/src/vector/neon/rejsample.rs b/libcrux-ml-kem/src/vector/neon/rejsample.rs deleted file mode 100644 index 393762719..000000000 --- a/libcrux-ml-kem/src/vector/neon/rejsample.rs +++ /dev/null 
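Review bot: In the `neon.rs` hunk, `mod simd128ops;` and `use simd128ops::*;` are kept although this same patch deletes `neon/simd128ops.rs`. The five new declarations (`mod vector_type;`, `mod arithmetic;`, `mod compress;`, `mod ntt;`, `mod serialize;`) name files that, going by the diffstats, are only created in 2/7. Unless something outside this view provides them, the tree at this commit does not build, which breaks `git bisect` and per-commit CI for the NEON backend of a cryptographic crate. Squash this patch into the next one, or at least drop the two `simd128ops` lines here and add each `mod` line in the commit that creates its file.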
@@ -1,33 +0,0 @@ -#![forbid(unsafe_code)] - -use super::intrinsics::*; -use crate::vector::rej_sample_table::REJECTION_SAMPLE_SHUFFLE_TABLE; - -#[inline(always)] -pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { - let neon_bits: [u16; 8] = [0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80]; - let bits = _vld1q_u16(&neon_bits); - let fm = _vdupq_n_s16(3328); - - let input = super::simd128ops::deserialize_12(a); - let mask0 = _vcleq_s16(input.low, fm); - let mask1 = _vcleq_s16(input.high, fm); - let masked = _vandq_u16(mask0, bits); - let used0 = _vaddvq_u16(masked); - let masked = _vandq_u16(mask1, bits); - let used1 = _vaddvq_u16(masked); - let pick0 = used0.count_ones(); - let pick1 = used1.count_ones(); - - // XXX: the indices used0 and used1 must be < 256. - let index_vec0 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used0 as u8) as usize]); - let shifted0 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.low), index_vec0)); - let index_vec1 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used1 as u8) as usize]); - let shifted1 = - _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.high), index_vec1)); - - let idx0 = pick0 as usize; - _vst1q_s16(&mut out[0..8], shifted0); - _vst1q_s16(&mut out[idx0..idx0 + 8], shifted1); - (pick0 + pick1) as usize -} diff --git a/libcrux-ml-kem/src/vector/neon/simd128ops.rs b/libcrux-ml-kem/src/vector/neon/simd128ops.rs deleted file mode 100644 index 2bb4800c1..000000000 --- a/libcrux-ml-kem/src/vector/neon/simd128ops.rs +++ /dev/null 
@@ -1,852 +0,0 @@ -use crate::vector::traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - -use super::FIELD_MODULUS; -use libcrux_intrinsics::arm64::*; - -#[derive(Clone, Copy)] -pub struct SIMD128Vector { - pub low: _int16x8_t, - pub high: _int16x8_t, -} - -#[allow(non_snake_case)] -#[inline(always)] -pub(crate) fn ZERO() -> SIMD128Vector { - SIMD128Vector { - low: _vdupq_n_s16(0), - high: _vdupq_n_s16(0), - } -} - -#[inline(always)] -pub(crate) fn to_i16_array(v: SIMD128Vector) -> [i16; 16] { - let mut out = [0i16; 16]; - _vst1q_s16(&mut out[0..8], v.low); - _vst1q_s16(&mut out[8..16], v.high); - out -} - -#[inline(always)] -pub(crate) fn from_i16_array(array: &[i16]) -> SIMD128Vector { - SIMD128Vector { - low: _vld1q_s16(&array[0..8]), - high: _vld1q_s16(&array[8..16]), - } -} - -#[inline(always)] -pub(crate) fn add(mut lhs: SIMD128Vector, rhs: &SIMD128Vector) -> SIMD128Vector { - lhs.low = _vaddq_s16(lhs.low, rhs.low); - lhs.high = _vaddq_s16(lhs.high, rhs.high); - lhs -} - -#[inline(always)] -pub(crate) fn sub(mut lhs: SIMD128Vector, rhs: &SIMD128Vector) -> SIMD128Vector { - lhs.low = _vsubq_s16(lhs.low, rhs.low); - lhs.high = _vsubq_s16(lhs.high, rhs.high); - lhs -} - -#[inline(always)] -pub(crate) fn multiply_by_constant(mut v: SIMD128Vector, c: i16) -> SIMD128Vector { - v.low = _vmulq_n_s16(v.low, c); - v.high = _vmulq_n_s16(v.high, c); - v -} - -#[inline(always)] -pub(crate) fn bitwise_and_with_constant(mut v: SIMD128Vector, c: i16) -> SIMD128Vector { - let c = _vdupq_n_s16(c); - v.low = _vandq_s16(v.low, c); - v.high = _vandq_s16(v.high, c); - v -} - -#[inline(always)] -pub(crate) fn shift_right(mut v: SIMD128Vector) -> SIMD128Vector { - // Should find special cases of this - // e.g when doing a right shift just to propagate signed bits, use vclezq_s32 instead - v.low = _vshrq_n_s16::(v.low); - v.high = _vshrq_n_s16::(v.high); - v -} - -// #[inline(always)] -// pub(crate) fn shift_left(mut lhs: SIMD128Vector) -> SIMD128Vector { -// lhs.low = 
_vshlq_n_s16::(lhs.low); -// lhs.high = _vshlq_n_s16::(lhs.high); -// lhs -// } - -#[inline(always)] -pub(crate) fn cond_subtract_3329(mut v: SIMD128Vector) -> SIMD128Vector { - let c = _vdupq_n_s16(3329); - let m0 = _vcgeq_s16(v.low, c); - let m1 = _vcgeq_s16(v.high, c); - let c0 = _vandq_s16(c, _vreinterpretq_s16_u16(m0)); - let c1 = _vandq_s16(c, _vreinterpretq_s16_u16(m1)); - v.low = _vsubq_s16(v.low, c0); - v.high = _vsubq_s16(v.high, c1); - v -} - -const BARRETT_MULTIPLIER: i16 = 20159; - -#[inline(always)] -fn barrett_reduce_int16x8_t(v: _int16x8_t) -> _int16x8_t { - //let pv = crate::simd::portable::from_i16_array(to_i16_array(v)); - //from_i16_array(crate::simd::portable::to_i16_array(crate::simd::portable::barrett_reduce(pv))) - - // This is what we are trying to do in portable: - // let t = (value as i16 * BARRETT_MULTIPLIER) + (BARRETT_R >> 1); - // let quotient = (t >> BARRETT_SHIFT) as i16; - // let result = value - (quotient * FIELD_MODULUS); - - let adder = _vdupq_n_s16(1024); - let vec = _vqdmulhq_n_s16(v, BARRETT_MULTIPLIER as i16); - let vec = _vaddq_s16(vec, adder); - let quotient = _vshrq_n_s16::<11>(vec); - let sub = _vmulq_n_s16(quotient, FIELD_MODULUS); - _vsubq_s16(v, sub) -} - -#[inline(always)] -pub(crate) fn barrett_reduce(mut v: SIMD128Vector) -> SIMD128Vector { - //let pv = crate::simd::portable::from_i16_array(to_i16_array(v)); - //from_i16_array(crate::simd::portable::to_i16_array(crate::simd::portable::barrett_reduce(pv))) - - // This is what we are trying to do in portable: - // let t = (value as i16 * BARRETT_MULTIPLIER) + (BARRETT_R >> 1); - // let quotient = (t >> BARRETT_SHIFT) as i16; - // let result = value - (quotient * FIELD_MODULUS); - - v.low = barrett_reduce_int16x8_t(v.low); - v.high = barrett_reduce_int16x8_t(v.high); - v -} - -#[inline(always)] -fn montgomery_reduce_int16x8_t(low: _int16x8_t, high: _int16x8_t) -> _int16x8_t { - // This is what we are trying to do in portable: - // let k = low as i16 * 
INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - // let k_times_modulus = (k as i16 as i16) * (FIELD_MODULUS as i16); - // let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; - // high - c - - let k = _vreinterpretq_s16_u16(_vmulq_n_u16( - _vreinterpretq_u16_s16(low), - INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as u16, - )); - let c = _vshrq_n_s16::<1>(_vqdmulhq_n_s16(k, FIELD_MODULUS as i16)); - _vsubq_s16(high, c) -} - -#[inline(always)] -fn montgomery_multiply_by_constant_int16x8_t(v: _int16x8_t, c: i16) -> _int16x8_t { - // This is what we are trying to do in portable: - // let value = v as i16 * c - // let k = (value as i16) as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - // let k_times_modulus = (k as i16 as i16) * (FIELD_MODULUS as i16); - // let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; - // let value_high = (value >> MONTGOMERY_SHIFT) as i16; - // value_high - c - - let v_low = _vmulq_n_s16(v, c); - let v_high = _vshrq_n_s16::<1>(_vqdmulhq_n_s16(v, c)); - montgomery_reduce_int16x8_t(v_low, v_high) -} - -#[inline(always)] -fn montgomery_multiply_int16x8_t(v: _int16x8_t, c: _int16x8_t) -> _int16x8_t { - // This is what we are trying to do in portable: - // let value = v as i16 * c - // let k = (value as i16) as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - // let k_times_modulus = (k as i16 as i16) * (FIELD_MODULUS as i16); - // let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; - // let value_high = (value >> MONTGOMERY_SHIFT) as i16; - // value_high - c - - let v_low = _vmulq_s16(v, c); - let v_high = _vshrq_n_s16::<1>(_vqdmulhq_s16(v, c)); - montgomery_reduce_int16x8_t(v_low, v_high) -} - -#[inline(always)] -pub(crate) fn montgomery_multiply_by_constant(mut v: SIMD128Vector, c: i16) -> SIMD128Vector { - v.low = montgomery_multiply_by_constant_int16x8_t(v.low, c); - v.high = montgomery_multiply_by_constant_int16x8_t(v.high, c); - v -} - -#[inline(always)] -pub(crate) fn compress_1(mut v: SIMD128Vector) -> SIMD128Vector { - // This is what we are trying to do 
in portable: - // let shifted: i16 = 1664 - (fe as i16); - // let mask = shifted >> 15; - // let shifted_to_positive = mask ^ shifted; - // let shifted_positive_in_range = shifted_to_positive - 832; - // ((shifted_positive_in_range >> 15) & 1) as u8 - - let half = _vdupq_n_s16(1664); - let quarter = _vdupq_n_s16(832); - - let shifted = _vsubq_s16(half, v.low); - let mask = _vshrq_n_s16::<15>(shifted); - let shifted_to_positive = _veorq_s16(mask, shifted); - let shifted_positive_in_range = _vsubq_s16(shifted_to_positive, quarter); - v.low = _vreinterpretq_s16_u16(_vshrq_n_u16::<15>(_vreinterpretq_u16_s16( - shifted_positive_in_range, - ))); - - let shifted = _vsubq_s16(half, v.high); - let mask = _vshrq_n_s16::<15>(shifted); - let shifted_to_positive = _veorq_s16(mask, shifted); - let shifted_positive_in_range = _vsubq_s16(shifted_to_positive, quarter); - v.high = _vreinterpretq_s16_u16(_vshrq_n_u16::<15>(_vreinterpretq_u16_s16( - shifted_positive_in_range, - ))); - - v -} - -#[inline(always)] -fn mask_n_least_significant_bits(coefficient_bits: i16) -> i16 { - match coefficient_bits { - 4 => 0x0f, - 5 => 0x1f, - 10 => 0x3ff, - 11 => 0x7ff, - x => (1 << x) - 1, - } -} - -#[inline(always)] -fn compress_int32x4_t(v: _uint32x4_t) -> _uint32x4_t { - // This is what we are trying to do in portable: - // let mut compressed = (fe as u64) << coefficient_bits; - // compressed += 1664 as u64; - // compressed *= 10_321_340; - // compressed >>= 35; - // get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement - let half = _vdupq_n_u32(1664); - let compressed = _vshlq_n_u32::(v); - let compressed = _vaddq_u32(compressed, half); - let compressed = _vreinterpretq_u32_s32(_vqdmulhq_n_s32( - _vreinterpretq_s32_u32(compressed), - 10_321_340, - )); - let compressed = _vshrq_n_u32::<4>(compressed); - compressed -} - -#[inline(always)] -pub(crate) fn compress(mut v: SIMD128Vector) -> SIMD128Vector { - // This is what we are trying to do in portable: - // let mut 
compressed = (fe as u64) << coefficient_bits; - // compressed += 1664 as u64; - // compressed *= 10_321_340; - // compressed >>= 35; - // get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement - - let mask = _vdupq_n_s16(mask_n_least_significant_bits(COEFFICIENT_BITS as i16)); - let mask16 = _vdupq_n_u32(0xffff); - - let low0 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); //a0, a2, a4, a6 - let low1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.low)); //a1, a3, a5, a7 - let high0 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); //a0, a2, a4, a6 - let high1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.high)); //a1, a3, a5, a7 - - let low0 = compress_int32x4_t::(low0); - let low1 = compress_int32x4_t::(low1); - let high0 = compress_int32x4_t::(high0); - let high1 = compress_int32x4_t::(high1); - - let low = _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - let high = _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - v -} - -#[inline(always)] -fn decompress_uint32x4_t(v: _uint32x4_t) -> _uint32x4_t { - let coeff = _vdupq_n_u32(1 << (COEFFICIENT_BITS - 1)); - let decompressed = _vmulq_n_u32(v, FIELD_MODULUS as u32); - let decompressed = _vaddq_u32(decompressed, coeff); - let decompressed = _vshrq_n_u32::(decompressed); - - decompressed -} - -#[inline(always)] -pub(crate) fn decompress_ciphertext_coefficient( - mut v: SIMD128Vector, -) -> SIMD128Vector { - let mask16 = _vdupq_n_u32(0xffff); - let low0 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - let low1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.low)); - let high0 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - let high1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.high)); - - let low0 = decompress_uint32x4_t::(low0); - let low1 = decompress_uint32x4_t::(low1); - let high0 = decompress_uint32x4_t::(high0); - let high1 = 
decompress_uint32x4_t::(high1); - - v.low = _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v -} - -#[inline(always)] -pub(crate) fn ntt_layer_1_step( - mut v: SIMD128Vector, - zeta1: i16, - zeta2: i16, - zeta3: i16, - zeta4: i16, -) -> SIMD128Vector { - // This is what we are trying to do, pointwise for every pair of elements: - // let t = simd::Vector::montgomery_multiply_fe_by_fer(b, zeta_r); - // b = simd::Vector::sub(a, &t); - // a = simd::Vector::add(a, &t); - - let zetas = [zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4]; - let zeta = _vld1q_s16(&zetas); - let dup_a = _vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(v.low), - _vreinterpretq_s32_s16(v.high), - )); - let dup_b = _vreinterpretq_s16_s32(_vtrn2q_s32( - _vreinterpretq_s32_s16(v.low), - _vreinterpretq_s32_s16(v.high), - )); - let t = montgomery_multiply_int16x8_t(dup_b, zeta); - let b = _vsubq_s16(dup_a, t); - let a = _vaddq_s16(dup_a, t); - - v.low = _vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(a), - _vreinterpretq_s32_s16(b), - )); - v.high = _vreinterpretq_s16_s32(_vtrn2q_s32( - _vreinterpretq_s32_s16(a), - _vreinterpretq_s32_s16(b), - )); - v -} - -#[inline(always)] -pub(crate) fn ntt_layer_2_step(mut v: SIMD128Vector, zeta1: i16, zeta2: i16) -> SIMD128Vector { - // This is what we are trying to do for every four elements: - // let t = simd::Vector::montgomery_multiply_fe_by_fer(b, zeta_r); - // b = simd::Vector::sub(a, &t); - // a = simd::Vector::add(a, &t); - - let zetas = [zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2]; - let zeta = _vld1q_s16(&zetas); - let dup_a = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(v.low), - _vreinterpretq_s64_s16(v.high), - )); - let dup_b = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(v.low), - _vreinterpretq_s64_s16(v.high), - )); - let t = 
montgomery_multiply_int16x8_t(dup_b, zeta); - let b = _vsubq_s16(dup_a, t); - let a = _vaddq_s16(dup_a, t); - - v.low = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(a), - _vreinterpretq_s64_s16(b), - )); - v.high = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(a), - _vreinterpretq_s64_s16(b), - )); - v -} - -#[inline(always)] -pub(crate) fn ntt_layer_3_step(mut v: SIMD128Vector, zeta: i16) -> SIMD128Vector { - // This is what we are trying to do for every four elements: - // let t = simd::Vector::montgomery_multiply_fe_by_fer(b, zeta_r); - // b = simd::Vector::sub(a, &t); - // a = simd::Vector::add(a, &t); - - let zeta = _vdupq_n_s16(zeta); - let t = montgomery_multiply_int16x8_t(v.high, zeta); - v.high = _vsubq_s16(v.low, t); - v.low = _vaddq_s16(v.low, t); - v -} - -#[inline(always)] -pub(crate) fn inv_ntt_layer_1_step( - mut v: SIMD128Vector, - zeta1: i16, - zeta2: i16, - zeta3: i16, - zeta4: i16, -) -> SIMD128Vector { - // This is what we are trying to do for every two elements: - //let a_minus_b = simd::Vector::sub(b, &a); - //a = simd::Vector::add(a, &b); - //b = simd::Vector::montgomery_multiply_fe_by_fer(a_minus_b, zeta_r); - //(a, b) - - let zetas = [zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4]; - let zeta = _vld1q_s16(&zetas); - - let a = _vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(v.low), - _vreinterpretq_s32_s16(v.high), - )); - let b = _vreinterpretq_s16_s32(_vtrn2q_s32( - _vreinterpretq_s32_s16(v.low), - _vreinterpretq_s32_s16(v.high), - )); - - let b_minus_a = _vsubq_s16(b, a); - let a = _vaddq_s16(a, b); - let a = barrett_reduce_int16x8_t(a); - let b = montgomery_multiply_int16x8_t(b_minus_a, zeta); - - v.low = _vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(a), - _vreinterpretq_s32_s16(b), - )); - v.high = _vreinterpretq_s16_s32(_vtrn2q_s32( - _vreinterpretq_s32_s16(a), - _vreinterpretq_s32_s16(b), - )); - v -} - -#[inline(always)] -pub(crate) fn inv_ntt_layer_2_step(mut v: 
SIMD128Vector, zeta1: i16, zeta2: i16) -> SIMD128Vector { - // This is what we are trying to do for every four elements: - //let a_minus_b = simd::Vector::sub(b, &a); - //a = simd::Vector::add(a, &b); - //b = simd::Vector::montgomery_multiply_fe_by_fer(a_minus_b, zeta_r); - //(a, b) - - let zetas = [zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2]; - let zeta = _vld1q_s16(&zetas); - - let a = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(v.low), - _vreinterpretq_s64_s16(v.high), - )); - let b = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(v.low), - _vreinterpretq_s64_s16(v.high), - )); - - let b_minus_a = _vsubq_s16(b, a); - let a = _vaddq_s16(a, b); - let b = montgomery_multiply_int16x8_t(b_minus_a, zeta); - - v.low = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(a), - _vreinterpretq_s64_s16(b), - )); - v.high = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(a), - _vreinterpretq_s64_s16(b), - )); - v -} - -#[inline(always)] -pub(crate) fn inv_ntt_layer_3_step(mut v: SIMD128Vector, zeta: i16) -> SIMD128Vector { - // This is what we are trying to do for every four elements: - //let a_minus_b = simd::Vector::sub(b, &a); - //a = simd::Vector::add(a, &b); - //b = simd::Vector::montgomery_multiply_fe_by_fer(a_minus_b, zeta_r); - //(a, b) - - let zeta = _vdupq_n_s16(zeta); - let b_minus_a = _vsubq_s16(v.high, v.low); - v.low = _vaddq_s16(v.low, v.high); - v.high = montgomery_multiply_int16x8_t(b_minus_a, zeta); - v -} - -#[inline(always)] -pub(crate) fn ntt_multiply( - lhs: &SIMD128Vector, - rhs: &SIMD128Vector, - zeta1: i16, - zeta2: i16, - zeta3: i16, - zeta4: i16, -) -> SIMD128Vector { - // This is what we are trying to do for pairs of two elements: - // montgomery_reduce(a0 * b0 + montgomery_reduce(a1 * b1) * zeta), - // montgomery_reduce(a0 * b1 + a1 * b0) - //let lhsp = crate::simd::portable::from_i16_array(to_i16_array(lhs.clone())); - //let rhsp = 
crate::simd::portable::from_i16_array(to_i16_array(rhs.clone())); - //let mulp = crate::simd::portable::ntt_multiply(&lhsp,&rhsp,zeta0,zeta1); - //from_i16_array(crate::simd::portable::to_i16_array(mulp)) - - let zetas: [i16; 8] = [zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4]; - let zeta = _vld1q_s16(&zetas); - - let a0 = _vtrn1q_s16(lhs.low, lhs.high); // a0, a8, a2, a10, ... - let a1 = _vtrn2q_s16(lhs.low, lhs.high); // a1, a9, a3, a11, ... - let b0 = _vtrn1q_s16(rhs.low, rhs.high); // b0, b8, b2, b10, ... - let b1 = _vtrn2q_s16(rhs.low, rhs.high); // b1, b9, b3, b11, ... - - let a1b1 = montgomery_multiply_int16x8_t(a1, b1); - let a1b1_low = _vmull_s16(_vget_low_s16(a1b1), _vget_low_s16(zeta)); // a1b1z, a9b9z, a3b3z, a11b11z - let a1b1_high = _vmull_high_s16(a1b1, zeta); // a5b5z, a13b13z, a7b7z, a15b15z - - let fst_low = - _vreinterpretq_s16_s32(_vmlal_s16(a1b1_low, _vget_low_s16(a0), _vget_low_s16(b0))); // 0, 8, 2, 10 - let fst_high = _vreinterpretq_s16_s32(_vmlal_high_s16(a1b1_high, a0, b0)); // 4, 12, 6, 14 - - let a0b1_low = _vmull_s16(_vget_low_s16(a0), _vget_low_s16(b1)); - let a0b1_high = _vmull_high_s16(a0, b1); - - let snd_low = - _vreinterpretq_s16_s32(_vmlal_s16(a0b1_low, _vget_low_s16(a1), _vget_low_s16(b0))); // 1, 9, 3, 11 - let snd_high = _vreinterpretq_s16_s32(_vmlal_high_s16(a0b1_high, a1, b0)); // 5, 13, 7, 15 - - let fst_low16 = _vtrn1q_s16(fst_low, fst_high); // 0,4,8,12,2,6,10,14 - let fst_high16 = _vtrn2q_s16(fst_low, fst_high); - let snd_low16 = _vtrn1q_s16(snd_low, snd_high); // 1,5,9,13,3,7,11,15 - let snd_high16 = _vtrn2q_s16(snd_low, snd_high); - - let fst = montgomery_reduce_int16x8_t(fst_low16, fst_high16); // 0,4,8,12,2,6,10,14 - let snd = montgomery_reduce_int16x8_t(snd_low16, snd_high16); // 1,5,9,13,3,7,11,15 - - let low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(fst, snd)); // 0,1,8,9,2,3,10,11 - let high0 = _vreinterpretq_s32_s16(_vtrn2q_s16(fst, snd)); // 4,5,12,13,6,7,14,15 - - let low1 = 
_vreinterpretq_s16_s32(_vtrn1q_s32(low0, high0)); // 0,1,4,5,2,3,6,7 - let high1 = _vreinterpretq_s16_s32(_vtrn2q_s32(low0, high0)); // 8,9,12,13,10,11,14,15 - - let indexes: [u8; 16] = [0, 1, 2, 3, 8, 9, 10, 11, 4, 5, 6, 7, 12, 13, 14, 15]; - let index = _vld1q_u8(&indexes); - let low2 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(low1), index)); - let high2 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(high1), index)); - - SIMD128Vector { - low: low2, - high: high2, - } -} - -#[inline(always)] -pub(crate) fn serialize_1(v: SIMD128Vector) -> [u8; 2] { - let shifter: [i16; 8] = [0, 1, 2, 3, 4, 5, 6, 7]; - let shift = _vld1q_s16(&shifter); - let low = _vshlq_s16(v.low, shift); - let high = _vshlq_s16(v.high, shift); - let low = _vaddvq_s16(low); - let high = _vaddvq_s16(high); - [low as u8, high as u8] -} - -#[inline(always)] -pub(crate) fn deserialize_1(a: &[u8]) -> SIMD128Vector { - let one = _vdupq_n_s16(1); - let low = _vdupq_n_s16(a[0] as i16); - let high = _vdupq_n_s16(a[1] as i16); - let shifter: [i16; 8] = [0, 0xff, -2, -3, -4, -5, -6, -7]; - let shift = _vld1q_s16(&shifter); - let low = _vshlq_s16(low, shift); - let high = _vshlq_s16(high, shift); - SIMD128Vector { - low: _vandq_s16(low, one), - high: _vandq_s16(high, one), - } -} - -#[inline(always)] -pub(crate) fn serialize_4(v: SIMD128Vector) -> [u8; 8] { - let shifter: [i16; 8] = [0, 4, 8, 12, 0, 4, 8, 12]; - let shift = _vld1q_s16(&shifter); - let lowt = _vshlq_u16(_vreinterpretq_u16_s16(v.low), shift); - let hight = _vshlq_u16(_vreinterpretq_u16_s16(v.high), shift); - let sum0 = _vaddv_u16(_vget_low_u16(lowt)) as u64; - let sum1 = _vaddv_u16(_vget_high_u16(lowt)) as u64; - let sum2 = _vaddv_u16(_vget_low_u16(hight)) as u64; - let sum3 = _vaddv_u16(_vget_high_u16(hight)) as u64; - let sum = sum0 | (sum1 << 16) | (sum2 << 32) | (sum3 << 48); - sum.to_le_bytes() -} - -#[inline(always)] -pub(crate) fn deserialize_4(v: &[u8]) -> SIMD128Vector { - let input = 
u64::from_le_bytes(v.try_into().unwrap()); - let mut low = [0i16; 8]; - let mut high = [0i16; 8]; - low[0] = (input & 0x0f) as i16; - low[1] = ((input >> 4) & 0x0f) as i16; - low[2] = ((input >> 8) & 0x0f) as i16; - low[3] = ((input >> 12) & 0x0f) as i16; - low[4] = ((input >> 16) & 0x0f) as i16; - low[5] = ((input >> 20) & 0x0f) as i16; - low[6] = ((input >> 24) & 0x0f) as i16; - low[7] = ((input >> 28) & 0x0f) as i16; - high[0] = ((input >> 32) & 0x0f) as i16; - high[1] = ((input >> 36) & 0x0f) as i16; - high[2] = ((input >> 40) & 0x0f) as i16; - high[3] = ((input >> 44) & 0x0f) as i16; - high[4] = ((input >> 48) & 0x0f) as i16; - high[5] = ((input >> 52) & 0x0f) as i16; - high[6] = ((input >> 56) & 0x0f) as i16; - high[7] = ((input >> 60) & 0x0f) as i16; - SIMD128Vector { - low: _vld1q_s16(&low), - high: _vld1q_s16(&high), - } -} - -#[inline(always)] -pub(crate) fn serialize_5(v: SIMD128Vector) -> [u8; 10] { - let mut res = [0u8; 10]; - let out = to_i16_array(v); - res[0] = (out[0] | out[1] << 5) as u8; - res[1] = (out[1] >> 3 | out[2] << 2 | out[3] << 7) as u8; - res[2] = (out[3] >> 1 | out[4] << 4) as u8; - res[3] = (out[4] >> 4 | out[5] << 1 | out[6] << 6) as u8; - res[4] = (out[6] >> 2 | out[7] << 3) as u8; - res[5] = (out[8 + 0] | out[8 + 1] << 5) as u8; - res[6] = (out[8 + 1] >> 3 | out[8 + 2] << 2 | out[8 + 3] << 7) as u8; - res[7] = (out[8 + 3] >> 1 | out[8 + 4] << 4) as u8; - res[8] = (out[8 + 4] >> 4 | out[8 + 5] << 1 | out[8 + 6] << 6) as u8; - res[9] = (out[8 + 6] >> 2 | out[8 + 7] << 3) as u8; - res -} - -#[inline(always)] -pub(crate) fn deserialize_5(v: &[u8]) -> SIMD128Vector { - let mut input0 = [0u8; 8]; - input0[0..5].copy_from_slice(&v[0..5]); - let low64 = u64::from_le_bytes(input0); - let mut input1 = [0u8; 8]; - input1[0..5].copy_from_slice(&v[5..10]); - let high64 = u64::from_le_bytes(input1); - - let mut low = [0i16; 8]; - let mut high = [0i16; 8]; - - low[0] = (low64 & 0x1F) as i16; - low[1] = ((low64 >> 5) & 0x1F) as i16; - low[2] = 
((low64 >> 10) & 0x1F) as i16; - low[3] = ((low64 >> 15) & 0x1F) as i16; - low[4] = ((low64 >> 20) & 0x1F) as i16; - low[5] = ((low64 >> 25) & 0x1F) as i16; - low[6] = ((low64 >> 30) & 0x1F) as i16; - low[7] = ((low64 >> 35) & 0x1F) as i16; - - high[0] = (high64 & 0x1F) as i16; - high[1] = ((high64 >> 5) & 0x1F) as i16; - high[2] = ((high64 >> 10) & 0x1F) as i16; - high[3] = ((high64 >> 15) & 0x1F) as i16; - high[4] = ((high64 >> 20) & 0x1F) as i16; - high[5] = ((high64 >> 25) & 0x1F) as i16; - high[6] = ((high64 >> 30) & 0x1F) as i16; - high[7] = ((high64 >> 35) & 0x1F) as i16; - - SIMD128Vector { - low: _vld1q_s16(&low), - high: _vld1q_s16(&high), - } -} - -#[inline(always)] -pub(crate) fn serialize_10(v: SIMD128Vector) -> [u8; 20] { - let low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); // a0, a0, a2, a2, a4, a4, a6, a6 - let low1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); // a1, a1, a3, a3, a5, a5, a7, a7 - let mixt = _vsliq_n_s32::<10>(low0, low1); // a1a0, a3a2, a5a4, a7a6 - - let low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 - let low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 - let low_mix = _vsliq_n_s64::<20>(low0, low1); // a3a2a1a0, a7a6a5a4 - - let high0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); // a0, a0, a2, a2, a4, a4, a6, a6 - let high1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); // a1, a1, a3, a3, a5, a5, a7, a7 - let mixt = _vsliq_n_s32::<10>(high0, high1); // a1a0, a3a2, a5a4, a7a6 - - let high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 - let high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 - let high_mix = _vsliq_n_s64::<20>(high0, high1); // a3a2a1a0, a7a6a5a4 - - let mut result32 = [0u8; 32]; - _vst1q_u8(&mut result32[0..16], _vreinterpretq_u8_s64(low_mix)); - _vst1q_u8(&mut result32[16..32], _vreinterpretq_u8_s64(high_mix)); - let mut result = [0u8; 20]; - 
result[0..5].copy_from_slice(&result32[0..5]); - result[5..10].copy_from_slice(&result32[8..13]); - result[10..15].copy_from_slice(&result32[16..21]); - result[15..20].copy_from_slice(&result32[24..29]); - result -} - -#[inline(always)] -pub(crate) fn deserialize_10(v: &[u8]) -> SIMD128Vector { - let mut input0 = [0u8; 8]; - let mut input1 = [0u8; 8]; - let mut input2 = [0u8; 4]; - input0.copy_from_slice(&v[0..8]); - input1.copy_from_slice(&v[8..16]); - input2.copy_from_slice(&v[16..20]); - let input0 = u64::from_le_bytes(input0); - let input1 = u64::from_le_bytes(input1); - let input2 = u32::from_le_bytes(input2); - let mut low = [0i16; 8]; - let mut high = [0i16; 8]; - low[0] = (input0 & 0x3ff) as i16; - low[1] = ((input0 >> 10) & 0x3ff) as i16; - low[2] = ((input0 >> 20) & 0x3ff) as i16; - low[3] = ((input0 >> 30) & 0x3ff) as i16; - low[4] = ((input0 >> 40) & 0x3ff) as i16; - low[5] = ((input0 >> 50) & 0x3ff) as i16; - low[6] = (((input0 >> 60) | (input1 << 4)) & 0x3ff) as i16; - low[7] = ((input1 >> 6) & 0x3ff) as i16; - high[0] = ((input1 >> 16) & 0x3ff) as i16; - high[1] = ((input1 >> 26) & 0x3ff) as i16; - high[2] = ((input1 >> 36) & 0x3ff) as i16; - high[3] = ((input1 >> 46) & 0x3ff) as i16; - high[4] = ((((input1 >> 56) as u32) | (input2 << 8)) & 0x3ff) as i16; - high[5] = ((input2 >> 2) & 0x3ff) as i16; - high[6] = ((input2 >> 12) & 0x3ff) as i16; - high[7] = ((input2 >> 22) & 0x3ff) as i16; - - SIMD128Vector { - low: _vld1q_s16(&low), - high: _vld1q_s16(&high), - } -} - -#[inline(always)] -pub(crate) fn serialize_11(v: SIMD128Vector) -> [u8; 22] { - let input = to_i16_array(v); - let mut result = [0u8; 22]; - result[0] = input[0] as u8; // 3 left in 0 - result[1] = ((input[0] >> 8) | (input[1] << 3)) as u8; // 6 left in 1 - result[2] = ((input[1] >> 5) | (input[2] << 6)) as u8; // 9 left in 2 - result[3] = (input[2] >> 2) as u8; // 1 left in 2 - result[4] = ((input[2] >> 10) | (input[3] << 1)) as u8; // 4 left in 3 - result[5] = ((input[3] >> 7) | 
(input[4] << 4)) as u8; // 7 left in 4 - result[6] = ((input[4] >> 4) | (input[5] << 7)) as u8; // 10 left in 5 - result[7] = (input[5] >> 1) as u8; // 2 left in 5 - result[8] = ((input[5] >> 9) | (input[6] << 2)) as u8; // 5 left in 6 - result[9] = ((input[6] >> 6) | (input[7] << 5)) as u8; // 8 left in 7 - result[10] = (input[7] >> 3) as u8; - - result[11 + 0] = input[8 + 0] as u8; // 3 left in 0 - result[11 + 1] = ((input[8 + 0] >> 8) | (input[8 + 1] << 3)) as u8; // 6 left in 1 - result[11 + 2] = ((input[8 + 1] >> 5) | (input[8 + 2] << 6)) as u8; // 9 left in 2 - result[11 + 3] = (input[8 + 2] >> 2) as u8; // 1 left in 2 - result[11 + 4] = ((input[8 + 2] >> 10) | (input[8 + 3] << 1)) as u8; // 4 left in 3 - result[11 + 5] = ((input[8 + 3] >> 7) | (input[8 + 4] << 4)) as u8; // 7 left in 4 - result[11 + 6] = ((input[8 + 4] >> 4) | (input[8 + 5] << 7)) as u8; // 10 left in 5 - result[11 + 7] = (input[8 + 5] >> 1) as u8; // 2 left in 5 - result[11 + 8] = ((input[8 + 5] >> 9) | (input[8 + 6] << 2)) as u8; // 5 left in 6 - result[11 + 9] = ((input[8 + 6] >> 6) | (input[8 + 7] << 5)) as u8; // 8 left in 7 - result[11 + 10] = (input[8 + 7] >> 3) as u8; - result -} - -#[inline(always)] -pub(crate) fn deserialize_11(v: &[u8]) -> SIMD128Vector { - let mut input0 = [0u8; 8]; - let mut input1 = [0u8; 8]; - let mut input2 = [0u8; 8]; - input0.copy_from_slice(&v[0..8]); - input1.copy_from_slice(&v[8..16]); - input2[0..6].copy_from_slice(&v[16..22]); - let input0 = u64::from_le_bytes(input0); - let input1 = u64::from_le_bytes(input1); - let input2 = u64::from_le_bytes(input2); - - let mut low = [0i16; 8]; - let mut high = [0i16; 8]; - - low[0] = (input0 & 0x7FF) as i16; - low[1] = ((input0 >> 11) & 0x7FF) as i16; - low[2] = ((input0 >> 22) & 0x7FF) as i16; - low[3] = ((input0 >> 33) & 0x7FF) as i16; - low[4] = ((input0 >> 44) & 0x7FF) as i16; - low[5] = (((input0 >> 55) | (input1 << 9)) & 0x7FF) as i16; - low[6] = ((input1 >> 2) & 0x7FF) as i16; - low[7] = ((input1 >> 13) & 
0x7FF) as i16; - - high[0] = ((input1 >> 24) & 0x7FF) as i16; - high[1] = ((input1 >> 35) & 0x7FF) as i16; - high[2] = ((input1 >> 46) & 0x7FF) as i16; - high[3] = (((input1 >> 57) | (input2 << 7)) & 0x7FF) as i16; - high[4] = ((input2 >> 4) & 0x7FF) as i16; - high[5] = ((input2 >> 15) & 0x7FF) as i16; - high[6] = ((input2 >> 26) & 0x7FF) as i16; - high[7] = ((input2 >> 37) & 0x7FF) as i16; - - SIMD128Vector { - low: _vld1q_s16(&low), - high: _vld1q_s16(&high), - } -} - -#[inline(always)] -pub(crate) fn serialize_12(v: SIMD128Vector) -> [u8; 24] { - let low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); // a0, a0, a2, a2, a4, a4, a6, a6 - let low1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); // a1, a1, a3, a3, a5, a5, a7, a7 - let mixt = _vsliq_n_s32::<12>(low0, low1); // a1a0, a3a2, a5a4, a7a6 - - let low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 - let low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 - let low_mix = _vsliq_n_s64::<24>(low0, low1); // a3a2a1a0, a7a6a5a4 - - let high0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); // a0, a0, a2, a2, a4, a4, a6, a6 - let high1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); // a1, a1, a3, a3, a5, a5, a7, a7 - let mixt = _vsliq_n_s32::<12>(high0, high1); // a1a0, a3a2, a5a4, a7a6 - - let high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 - let high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 - let high_mix = _vsliq_n_s64::<24>(high0, high1); // a3a2a1a0, a7a6a5a4 - - let mut result32 = [0u8; 32]; - _vst1q_u8(&mut result32[0..16], _vreinterpretq_u8_s64(low_mix)); - _vst1q_u8(&mut result32[16..32], _vreinterpretq_u8_s64(high_mix)); - let mut result = [0u8; 24]; - result[0..6].copy_from_slice(&result32[0..6]); - result[6..12].copy_from_slice(&result32[8..14]); - result[12..18].copy_from_slice(&result32[16..22]); - 
result[18..24].copy_from_slice(&result32[24..30]); - result -} - -#[inline(always)] -pub(crate) fn deserialize_12(v: &[u8]) -> SIMD128Vector { - let indexes: [u8; 16] = [0, 1, 1, 2, 3, 4, 4, 5, 6, 7, 7, 8, 9, 10, 10, 11]; - let index_vec = _vld1q_u8(&indexes); - let shifts: [i16; 8] = [0, -4, 0, -4, 0, -4, 0, -4]; - let shift_vec = _vld1q_s16(&shifts); - let mask12 = _vdupq_n_u16(0xfff); - - let mut input0 = [0u8; 16]; - input0[0..12].copy_from_slice(&v[0..12]); - let input_vec0 = _vld1q_u8(&input0); - - let mut input1 = [0u8; 16]; - input1[0..12].copy_from_slice(&v[12..24]); - let input_vec1 = _vld1q_u8(&input1); - - let moved0 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec0, index_vec)); - let shifted0 = _vshlq_u16(moved0, shift_vec); - let low = _vreinterpretq_s16_u16(_vandq_u16(shifted0, mask12)); - - let moved1 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec1, index_vec)); - let shifted1 = _vshlq_u16(moved1, shift_vec); - let high = _vreinterpretq_s16_u16(_vandq_u16(shifted1, mask12)); - - SIMD128Vector { low, high } -} From 0f70f812253d994f1359b02fae9235ebac971249 Mon Sep 17 00:00:00 2001 
From: Karthikeyan Bhargavan Date: Thu, 20 Jun 2024 10:08:45 +0200 Subject: [PATCH 2/7] restructured neon --- libcrux-ml-kem/src/vector/neon.rs | 5 +- libcrux-ml-kem/src/vector/neon/arithmetic.rs | 146 ++++++++ libcrux-ml-kem/src/vector/neon/compress.rs | 124 +++++++ libcrux-ml-kem/src/vector/neon/ntt.rs | 244 ++++++++++++++ libcrux-ml-kem/src/vector/neon/rejsample.rs | 33 ++ libcrux-ml-kem/src/vector/neon/sampling.rs | 33 ++ libcrux-ml-kem/src/vector/neon/serialize.rs | 313 ++++++++++++++++++ libcrux-ml-kem/src/vector/neon/vector_type.rs | 31 ++ 8 files changed, 927 insertions(+), 2 deletions(-) create mode 100644 libcrux-ml-kem/src/vector/neon/arithmetic.rs create mode 100644 libcrux-ml-kem/src/vector/neon/compress.rs create mode 100644 libcrux-ml-kem/src/vector/neon/ntt.rs create mode 100644 libcrux-ml-kem/src/vector/neon/rejsample.rs create mode 100644 libcrux-ml-kem/src/vector/neon/sampling.rs create mode 100644 libcrux-ml-kem/src/vector/neon/serialize.rs create mode 100644 libcrux-ml-kem/src/vector/neon/vector_type.rs diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index ced188c61..758f2e8d4 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -8,12 +8,13 @@ mod arithmetic; mod compress; mod ntt; mod serialize; -mod simd128ops; pub(crate) use vector_type::SIMD128Vector; use vector_type::*; use arithmetic::*; -use simd128ops::*; +use compress::*; +use ntt::*; +use serialize::*; // This is an empty shell, calling into standalone functions in `simd128ops`. // This is due to limitations in F* and hax to deal with large trait implementations diff --git a/libcrux-ml-kem/src/vector/neon/arithmetic.rs b/libcrux-ml-kem/src/vector/neon/arithmetic.rs new file mode 100644 index 000000000..b6cf1aecf --- /dev/null +++ b/libcrux-ml-kem/src/vector/neon/arithmetic.rs 
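Review bot: The context comment at the end of the `neon.rs` hunk still describes the impl as calling into standalone functions in `simd128ops`, but this patch removes the last `mod simd128ops;` and `use simd128ops::*;` lines, so the comment now names a module that no longer exists. Reword it to something like `// This is an empty shell, calling into standalone functions in the arithmetic, compress, ntt and serialize submodules.` Separately, the diffstat creates both `neon/rejsample.rs` and `neon/sampling.rs` at 33 lines each, and no `mod` line for either appears in this hunk (the hunk starts at line 8, so a declaration above it cannot be ruled out). If the two files are duplicates, keep one and declare it, so the rejection-sampling code is compiled and tested rather than left unbuilt in the tree.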
@@ -0,0 +1,146 @@ +use crate::vector::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R}; +use super::vector_type::*; +use libcrux_intrinsics::arm64::*; + + +#[inline(always)] +pub(crate) fn add(mut lhs: SIMD128Vector, rhs: &SIMD128Vector) -> SIMD128Vector { + lhs.low = _vaddq_s16(lhs.low, rhs.low); + lhs.high = _vaddq_s16(lhs.high, rhs.high); + lhs +} + +#[inline(always)] +pub(crate) fn sub(mut lhs: SIMD128Vector, rhs: &SIMD128Vector) -> SIMD128Vector { + lhs.low = _vsubq_s16(lhs.low, rhs.low); + lhs.high = _vsubq_s16(lhs.high, rhs.high); + lhs +} + +#[inline(always)] +pub(crate) fn multiply_by_constant(mut v: SIMD128Vector, c: i16) -> SIMD128Vector { + v.low = _vmulq_n_s16(v.low, c); + v.high = _vmulq_n_s16(v.high, c); + v +} + +#[inline(always)] +pub(crate) fn bitwise_and_with_constant(mut v: SIMD128Vector, c: i16) -> SIMD128Vector { + let c = _vdupq_n_s16(c); + v.low = _vandq_s16(v.low, c); + v.high = _vandq_s16(v.high, c); + v +} + +#[inline(always)] +pub(crate) fn shift_right(mut v: SIMD128Vector) -> SIMD128Vector { + // Should find special cases of this + // e.g when doing a right shift just to propagate signed bits, use vclezq_s32 instead + v.low = _vshrq_n_s16::(v.low); + v.high = _vshrq_n_s16::(v.high); + v +} + +// #[inline(always)] +// pub(crate) fn shift_left(mut lhs: SIMD128Vector) -> SIMD128Vector { +// lhs.low = _vshlq_n_s16::(lhs.low); +// lhs.high = _vshlq_n_s16::(lhs.high); +// lhs +// } + +#[inline(always)] +pub(crate) fn cond_subtract_3329(mut v: SIMD128Vector) -> SIMD128Vector { + let c = _vdupq_n_s16(3329); + let m0 = _vcgeq_s16(v.low, c); + let m1 = _vcgeq_s16(v.high, c); + let c0 = _vandq_s16(c, _vreinterpretq_s16_u16(m0)); + let c1 = _vandq_s16(c, _vreinterpretq_s16_u16(m1)); + v.low = _vsubq_s16(v.low, c0); + v.high = _vsubq_s16(v.high, c1); + v +} + +const BARRETT_MULTIPLIER: i16 = 20159; + +#[inline(always)] +pub(crate) fn barrett_reduce_int16x8_t(v: _int16x8_t) -> _int16x8_t { + // This is what we are trying to do in portable: + // 
let t = (value as i16 * BARRETT_MULTIPLIER) + (BARRETT_R >> 1); + // let quotient = (t >> BARRETT_SHIFT) as i16; + // let result = value - (quotient * FIELD_MODULUS); + + let adder = _vdupq_n_s16(1024); + let vec = _vqdmulhq_n_s16(v, BARRETT_MULTIPLIER as i16); + let vec = _vaddq_s16(vec, adder); + let quotient = _vshrq_n_s16::<11>(vec); + let sub = _vmulq_n_s16(quotient, FIELD_MODULUS); + _vsubq_s16(v, sub) +} + +#[inline(always)] +pub(crate) fn barrett_reduce(mut v: SIMD128Vector) -> SIMD128Vector { + //let pv = crate::simd::portable::from_i16_array(to_i16_array(v)); + //from_i16_array(crate::simd::portable::to_i16_array(crate::simd::portable::barrett_reduce(pv))) + + // This is what we are trying to do in portable: + // let t = (value as i16 * BARRETT_MULTIPLIER) + (BARRETT_R >> 1); + // let quotient = (t >> BARRETT_SHIFT) as i16; + // let result = value - (quotient * FIELD_MODULUS); + + v.low = barrett_reduce_int16x8_t(v.low); + v.high = barrett_reduce_int16x8_t(v.high); + v +} + +#[inline(always)] +pub(crate) fn montgomery_reduce_int16x8_t(low: _int16x8_t, high: _int16x8_t) -> _int16x8_t { + // This is what we are trying to do in portable: + // let k = low as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + // let k_times_modulus = (k as i16 as i16) * (FIELD_MODULUS as i16); + // let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; + // high - c + + let k = _vreinterpretq_s16_u16(_vmulq_n_u16( + _vreinterpretq_u16_s16(low), + INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as u16, + )); + let c = _vshrq_n_s16::<1>(_vqdmulhq_n_s16(k, FIELD_MODULUS as i16)); + _vsubq_s16(high, c) +} + +#[inline(always)] +pub(crate) fn montgomery_multiply_by_constant_int16x8_t(v: _int16x8_t, c: i16) -> _int16x8_t { + // This is what we are trying to do in portable: + // let value = v as i16 * c + // let k = (value as i16) as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + // let k_times_modulus = (k as i16 as i16) * (FIELD_MODULUS as i16); + // let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; 
+ // let value_high = (value >> MONTGOMERY_SHIFT) as i16; + // value_high - c + + let v_low = _vmulq_n_s16(v, c); + let v_high = _vshrq_n_s16::<1>(_vqdmulhq_n_s16(v, c)); + montgomery_reduce_int16x8_t(v_low, v_high) +} + +#[inline(always)] +pub(crate) fn montgomery_multiply_int16x8_t(v: _int16x8_t, c: _int16x8_t) -> _int16x8_t { + // This is what we are trying to do in portable: + // let value = v as i16 * c + // let k = (value as i16) as i16 * INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + // let k_times_modulus = (k as i16 as i16) * (FIELD_MODULUS as i16); + // let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; + // let value_high = (value >> MONTGOMERY_SHIFT) as i16; + // value_high - c + + let v_low = _vmulq_s16(v, c); + let v_high = _vshrq_n_s16::<1>(_vqdmulhq_s16(v, c)); + montgomery_reduce_int16x8_t(v_low, v_high) +} + +#[inline(always)] +pub(crate) fn montgomery_multiply_by_constant(mut v: SIMD128Vector, c: i16) -> SIMD128Vector { + v.low = montgomery_multiply_by_constant_int16x8_t(v.low, c); + v.high = montgomery_multiply_by_constant_int16x8_t(v.high, c); + v +} \ No newline at end of file diff --git a/libcrux-ml-kem/src/vector/neon/compress.rs b/libcrux-ml-kem/src/vector/neon/compress.rs new file mode 100644 index 000000000..d871d818b --- /dev/null +++ b/libcrux-ml-kem/src/vector/neon/compress.rs 
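Review bot: In `barrett_reduce_int16x8_t` the quoted portable formula does not describe the code below it: the comment computes `(value as i16 * BARRETT_MULTIPLIER) + (BARRETT_R >> 1)` and shifts by `BARRETT_SHIFT`, while the NEON body adds `1024` and shifts by `11`, and the product as written in the comment would not fit in an i16. `_vqdmulhq_n_s16` already returns the high half of the doubled product, i.e. `(v * BARRETT_MULTIPLIER) >> 15`, so the rounding term and the shift are each 15 bits smaller than in the portable code (presumably `BARRETT_SHIFT` is 26; confirm against the portable module). A comment such as `// vqdmulh gives (v * BARRETT_MULTIPLIER) >> 15; 1024 and 11 are the portable rounding term and shift reduced by those 15 bits` above `let adder` would make the constants auditable, and the copy of the portable snippet in `barrett_reduce` can then be dropped. None of the lane operations in this file check range, so the input bound each reduction expects is also worth stating in a doc comment.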
@@ -0,0 +1,124 @@ +use super::vector_type::*; +use crate::vector::FIELD_MODULUS; +use libcrux_intrinsics::arm64::*; + +#[inline(always)] +pub(crate) fn compress_1(mut v: SIMD128Vector) -> SIMD128Vector { + // This is what we are trying to do in portable: + // let shifted: i16 = 1664 - (fe as i16); + // let mask = shifted >> 15; + // let shifted_to_positive = mask ^ shifted; + // let shifted_positive_in_range = shifted_to_positive - 832; + // ((shifted_positive_in_range >> 15) & 1) as u8 + + let half = _vdupq_n_s16(1664); + let quarter = _vdupq_n_s16(832); + + let shifted = _vsubq_s16(half, v.low); + let mask = _vshrq_n_s16::<15>(shifted); + let shifted_to_positive = _veorq_s16(mask, shifted); + let shifted_positive_in_range = _vsubq_s16(shifted_to_positive, quarter); + v.low = _vreinterpretq_s16_u16(_vshrq_n_u16::<15>(_vreinterpretq_u16_s16( + shifted_positive_in_range, + ))); + + let shifted = _vsubq_s16(half, v.high); + let mask = _vshrq_n_s16::<15>(shifted); + let shifted_to_positive = _veorq_s16(mask, shifted); + let shifted_positive_in_range = _vsubq_s16(shifted_to_positive, quarter); + v.high = _vreinterpretq_s16_u16(_vshrq_n_u16::<15>(_vreinterpretq_u16_s16( + shifted_positive_in_range, + ))); + + v +} + +#[inline(always)] +fn mask_n_least_significant_bits(coefficient_bits: i16) -> i16 { + match coefficient_bits { + 4 => 0x0f, + 5 => 0x1f, + 10 => 0x3ff, + 11 => 0x7ff, + x => (1 << x) - 1, + } +} + +#[inline(always)] +fn compress_int32x4_t(v: _uint32x4_t) -> _uint32x4_t { + // This is what we are trying to do in portable: + // let mut compressed = (fe as u64) << coefficient_bits; + // compressed += 1664 as u64; + // compressed *= 10_321_340; + // compressed >>= 35; + // get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement + let half = _vdupq_n_u32(1664); + let compressed = _vshlq_n_u32::(v); + let compressed = _vaddq_u32(compressed, half); + let compressed = _vreinterpretq_u32_s32(_vqdmulhq_n_s32( + 
_vreinterpretq_s32_u32(compressed), + 10_321_340, + )); + let compressed = _vshrq_n_u32::<4>(compressed); + compressed +} + +#[inline(always)] +pub(crate) fn compress(mut v: SIMD128Vector) -> SIMD128Vector { + // This is what we are trying to do in portable: + // let mut compressed = (fe as u64) << coefficient_bits; + // compressed += 1664 as u64; + // compressed *= 10_321_340; + // compressed >>= 35; + // get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement + + let mask = _vdupq_n_s16(mask_n_least_significant_bits(COEFFICIENT_BITS as i16)); + let mask16 = _vdupq_n_u32(0xffff); + + let low0 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); //a0, a2, a4, a6 + let low1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.low)); //a1, a3, a5, a7 + let high0 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); //a0, a2, a4, a6 + let high1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.high)); //a1, a3, a5, a7 + + let low0 = compress_int32x4_t::(low0); + let low1 = compress_int32x4_t::(low1); + let high0 = compress_int32x4_t::(high0); + let high1 = compress_int32x4_t::(high1); + + let low = _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + let high = _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); + v +} + +#[inline(always)] +fn decompress_uint32x4_t(v: _uint32x4_t) -> _uint32x4_t { + let coeff = _vdupq_n_u32(1 << (COEFFICIENT_BITS - 1)); + let decompressed = _vmulq_n_u32(v, FIELD_MODULUS as u32); + let decompressed = _vaddq_u32(decompressed, coeff); + let decompressed = _vshrq_n_u32::(decompressed); + + decompressed +} + +#[inline(always)] +pub(crate) fn decompress_ciphertext_coefficient( + mut v: SIMD128Vector, +) -> SIMD128Vector { + let mask16 = _vdupq_n_u32(0xffff); + let low0 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + let low1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.low)); + let high0 = 
_vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + let high1 = _vshrq_n_u32::<16>(_vreinterpretq_u32_s16(v.high)); + + let low0 = decompress_uint32x4_t::(low0); + let low1 = decompress_uint32x4_t::(low1); + let high0 = decompress_uint32x4_t::(high0); + let high1 = decompress_uint32x4_t::(high1); + + v.low = _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v +} \ No newline at end of file diff --git a/libcrux-ml-kem/src/vector/neon/ntt.rs b/libcrux-ml-kem/src/vector/neon/ntt.rs new file mode 100644 index 000000000..28eb2cb5a --- /dev/null +++ b/libcrux-ml-kem/src/vector/neon/ntt.rs 
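Review bot: `compress` splits every i16 lane into 32-bit lanes with `_vandq_u32(..., mask16)` and `_vshrq_n_u32::<16>`, which reads each coefficient as an unsigned 16-bit value, so a negative lane would enter `compress_int32x4_t` as a value near 65535 and be compressed without any error. Nothing in the hunk states that callers must pass coefficients already reduced to the non-negative range; a doc comment on `compress` and `compress_1`, e.g. `/// Every lane of v must be in 0..FIELD_MODULUS; callers reduce to the non-negative representative first.`, would record that. In `compress_int32x4_t` the quoted portable code shifts by 35 while the body shifts by 4; a one-line comment that `_vqdmulhq_n_s32` already contributes the other 31 bits would let a reader check the constant `10_321_340` against the portable version.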
@@ -0,0 +1,244 @@ +use super::vector_type::*; +use super::arithmetic::*; +use libcrux_intrinsics::arm64::*; + +#[inline(always)] +pub(crate) fn ntt_layer_1_step( + mut v: SIMD128Vector, + zeta1: i16, + zeta2: i16, + zeta3: i16, + zeta4: i16, +) -> SIMD128Vector { + // This is what we are trying to do, pointwise for every pair of elements: + // let t = simd::Vector::montgomery_multiply_fe_by_fer(b, zeta_r); + // b = simd::Vector::sub(a, &t); + // a = simd::Vector::add(a, &t); + + let zetas = [zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4]; + let zeta = _vld1q_s16(&zetas); + let dup_a = _vreinterpretq_s16_s32(_vtrn1q_s32( + _vreinterpretq_s32_s16(v.low), + _vreinterpretq_s32_s16(v.high), + )); + let dup_b = _vreinterpretq_s16_s32(_vtrn2q_s32( + _vreinterpretq_s32_s16(v.low), + _vreinterpretq_s32_s16(v.high), + )); + let t = montgomery_multiply_int16x8_t(dup_b, zeta); + let b = _vsubq_s16(dup_a, t); + let a = _vaddq_s16(dup_a, t); + + v.low = _vreinterpretq_s16_s32(_vtrn1q_s32( + _vreinterpretq_s32_s16(a), + _vreinterpretq_s32_s16(b), + )); + v.high = _vreinterpretq_s16_s32(_vtrn2q_s32( + _vreinterpretq_s32_s16(a), + _vreinterpretq_s32_s16(b), + )); + v +} + +#[inline(always)] +pub(crate) fn ntt_layer_2_step(mut v: SIMD128Vector, zeta1: i16, zeta2: i16) -> SIMD128Vector { + // This is what we are trying to do for every four elements: + // let t = simd::Vector::montgomery_multiply_fe_by_fer(b, zeta_r); + // b = simd::Vector::sub(a, &t); + // a = simd::Vector::add(a, &t); + + let zetas = [zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2]; + let zeta = _vld1q_s16(&zetas); + let dup_a = _vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(v.low), + _vreinterpretq_s64_s16(v.high), + )); + let dup_b = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(v.low), + _vreinterpretq_s64_s16(v.high), + )); + let t = montgomery_multiply_int16x8_t(dup_b, zeta); + let b = _vsubq_s16(dup_a, t); + let a = _vaddq_s16(dup_a, t); + + v.low = 
_vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(a), + _vreinterpretq_s64_s16(b), + )); + v.high = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(a), + _vreinterpretq_s64_s16(b), + )); + v +} + +#[inline(always)] +pub(crate) fn ntt_layer_3_step(mut v: SIMD128Vector, zeta: i16) -> SIMD128Vector { + // This is what we are trying to do for every four elements: + // let t = simd::Vector::montgomery_multiply_fe_by_fer(b, zeta_r); + // b = simd::Vector::sub(a, &t); + // a = simd::Vector::add(a, &t); + + let zeta = _vdupq_n_s16(zeta); + let t = montgomery_multiply_int16x8_t(v.high, zeta); + v.high = _vsubq_s16(v.low, t); + v.low = _vaddq_s16(v.low, t); + v +} + +#[inline(always)] +pub(crate) fn inv_ntt_layer_1_step( + mut v: SIMD128Vector, + zeta1: i16, + zeta2: i16, + zeta3: i16, + zeta4: i16, +) -> SIMD128Vector { + // This is what we are trying to do for every two elements: + //let a_minus_b = simd::Vector::sub(b, &a); + //a = simd::Vector::add(a, &b); + //b = simd::Vector::montgomery_multiply_fe_by_fer(a_minus_b, zeta_r); + //(a, b) + + let zetas = [zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4]; + let zeta = _vld1q_s16(&zetas); + + let a = _vreinterpretq_s16_s32(_vtrn1q_s32( + _vreinterpretq_s32_s16(v.low), + _vreinterpretq_s32_s16(v.high), + )); + let b = _vreinterpretq_s16_s32(_vtrn2q_s32( + _vreinterpretq_s32_s16(v.low), + _vreinterpretq_s32_s16(v.high), + )); + + let b_minus_a = _vsubq_s16(b, a); + let a = _vaddq_s16(a, b); + let a = barrett_reduce_int16x8_t(a); + let b = montgomery_multiply_int16x8_t(b_minus_a, zeta); + + v.low = _vreinterpretq_s16_s32(_vtrn1q_s32( + _vreinterpretq_s32_s16(a), + _vreinterpretq_s32_s16(b), + )); + v.high = _vreinterpretq_s16_s32(_vtrn2q_s32( + _vreinterpretq_s32_s16(a), + _vreinterpretq_s32_s16(b), + )); + v +} + +#[inline(always)] +pub(crate) fn inv_ntt_layer_2_step(mut v: SIMD128Vector, zeta1: i16, zeta2: i16) -> SIMD128Vector { + // This is what we are trying to do for every four elements: + 
//let a_minus_b = simd::Vector::sub(b, &a); + //a = simd::Vector::add(a, &b); + //b = simd::Vector::montgomery_multiply_fe_by_fer(a_minus_b, zeta_r); + //(a, b) + + let zetas = [zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2]; + let zeta = _vld1q_s16(&zetas); + + let a = _vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(v.low), + _vreinterpretq_s64_s16(v.high), + )); + let b = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(v.low), + _vreinterpretq_s64_s16(v.high), + )); + + let b_minus_a = _vsubq_s16(b, a); + let a = _vaddq_s16(a, b); + let b = montgomery_multiply_int16x8_t(b_minus_a, zeta); + + v.low = _vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(a), + _vreinterpretq_s64_s16(b), + )); + v.high = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(a), + _vreinterpretq_s64_s16(b), + )); + v +} + +#[inline(always)] +pub(crate) fn inv_ntt_layer_3_step(mut v: SIMD128Vector, zeta: i16) -> SIMD128Vector { + // This is what we are trying to do for every four elements: + //let a_minus_b = simd::Vector::sub(b, &a); + //a = simd::Vector::add(a, &b); + //b = simd::Vector::montgomery_multiply_fe_by_fer(a_minus_b, zeta_r); + //(a, b) + + let zeta = _vdupq_n_s16(zeta); + let b_minus_a = _vsubq_s16(v.high, v.low); + v.low = _vaddq_s16(v.low, v.high); + v.high = montgomery_multiply_int16x8_t(b_minus_a, zeta); + v +} + +#[inline(always)] +pub(crate) fn ntt_multiply( + lhs: &SIMD128Vector, + rhs: &SIMD128Vector, + zeta1: i16, + zeta2: i16, + zeta3: i16, + zeta4: i16, +) -> SIMD128Vector { + // This is what we are trying to do for pairs of two elements: + // montgomery_reduce(a0 * b0 + montgomery_reduce(a1 * b1) * zeta), + // montgomery_reduce(a0 * b1 + a1 * b0) + //let lhsp = crate::simd::portable::from_i16_array(to_i16_array(lhs.clone())); + //let rhsp = crate::simd::portable::from_i16_array(to_i16_array(rhs.clone())); + //let mulp = crate::simd::portable::ntt_multiply(&lhsp,&rhsp,zeta0,zeta1); + 
//from_i16_array(crate::simd::portable::to_i16_array(mulp)) + + let zetas: [i16; 8] = [zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4]; + let zeta = _vld1q_s16(&zetas); + + let a0 = _vtrn1q_s16(lhs.low, lhs.high); // a0, a8, a2, a10, ... + let a1 = _vtrn2q_s16(lhs.low, lhs.high); // a1, a9, a3, a11, ... + let b0 = _vtrn1q_s16(rhs.low, rhs.high); // b0, b8, b2, b10, ... + let b1 = _vtrn2q_s16(rhs.low, rhs.high); // b1, b9, b3, b11, ... + + let a1b1 = montgomery_multiply_int16x8_t(a1, b1); + let a1b1_low = _vmull_s16(_vget_low_s16(a1b1), _vget_low_s16(zeta)); // a1b1z, a9b9z, a3b3z, a11b11z + let a1b1_high = _vmull_high_s16(a1b1, zeta); // a5b5z, a13b13z, a7b7z, a15b15z + + let fst_low = + _vreinterpretq_s16_s32(_vmlal_s16(a1b1_low, _vget_low_s16(a0), _vget_low_s16(b0))); // 0, 8, 2, 10 + let fst_high = _vreinterpretq_s16_s32(_vmlal_high_s16(a1b1_high, a0, b0)); // 4, 12, 6, 14 + + let a0b1_low = _vmull_s16(_vget_low_s16(a0), _vget_low_s16(b1)); + let a0b1_high = _vmull_high_s16(a0, b1); + + let snd_low = + _vreinterpretq_s16_s32(_vmlal_s16(a0b1_low, _vget_low_s16(a1), _vget_low_s16(b0))); // 1, 9, 3, 11 + let snd_high = _vreinterpretq_s16_s32(_vmlal_high_s16(a0b1_high, a1, b0)); // 5, 13, 7, 15 + + let fst_low16 = _vtrn1q_s16(fst_low, fst_high); // 0,4,8,12,2,6,10,14 + let fst_high16 = _vtrn2q_s16(fst_low, fst_high); + let snd_low16 = _vtrn1q_s16(snd_low, snd_high); // 1,5,9,13,3,7,11,15 + let snd_high16 = _vtrn2q_s16(snd_low, snd_high); + + let fst = montgomery_reduce_int16x8_t(fst_low16, fst_high16); // 0,4,8,12,2,6,10,14 + let snd = montgomery_reduce_int16x8_t(snd_low16, snd_high16); // 1,5,9,13,3,7,11,15 + + let low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(fst, snd)); // 0,1,8,9,2,3,10,11 + let high0 = _vreinterpretq_s32_s16(_vtrn2q_s16(fst, snd)); // 4,5,12,13,6,7,14,15 + + let low1 = _vreinterpretq_s16_s32(_vtrn1q_s32(low0, high0)); // 0,1,4,5,2,3,6,7 + let high1 = _vreinterpretq_s16_s32(_vtrn2q_s32(low0, high0)); // 8,9,12,13,10,11,14,15 + + let 
indexes: [u8; 16] = [0, 1, 2, 3, 8, 9, 10, 11, 4, 5, 6, 7, 12, 13, 14, 15]; + let index = _vld1q_u8(&indexes); + let low2 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(low1), index)); + let high2 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(high1), index)); + + SIMD128Vector { + low: low2, + high: high2, + } +} \ No newline at end of file diff --git a/libcrux-ml-kem/src/vector/neon/rejsample.rs b/libcrux-ml-kem/src/vector/neon/rejsample.rs new file mode 100644 index 000000000..393762719 --- /dev/null +++ b/libcrux-ml-kem/src/vector/neon/rejsample.rs @@ -0,0 +1,33 @@ +#![forbid(unsafe_code)] + +use super::intrinsics::*; +use crate::vector::rej_sample_table::REJECTION_SAMPLE_SHUFFLE_TABLE; + +#[inline(always)] +pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { + let neon_bits: [u16; 8] = [0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80]; + let bits = _vld1q_u16(&neon_bits); + let fm = _vdupq_n_s16(3328); + + let input = super::simd128ops::deserialize_12(a); + let mask0 = _vcleq_s16(input.low, fm); + let mask1 = _vcleq_s16(input.high, fm); + let masked = _vandq_u16(mask0, bits); + let used0 = _vaddvq_u16(masked); + let masked = _vandq_u16(mask1, bits); + let used1 = _vaddvq_u16(masked); + let pick0 = used0.count_ones(); + let pick1 = used1.count_ones(); + + // XXX: the indices used0 and used1 must be < 256. + let index_vec0 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used0 as u8) as usize]); + let shifted0 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.low), index_vec0)); + let index_vec1 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used1 as u8) as usize]); + let shifted1 = + _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.high), index_vec1)); + + let idx0 = pick0 as usize; + _vst1q_s16(&mut out[0..8], shifted0); + _vst1q_s16(&mut out[idx0..idx0 + 8], shifted1); + (pick0 + pick1) as usize +} 
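Review bot: `inv_ntt_layer_1_step` passes the sum through `barrett_reduce_int16x8_t(a)` after `_vaddq_s16(a, b)`, but `inv_ntt_layer_2_step` and `inv_ntt_layer_3_step` keep the raw sum, and `_vaddq_s16` wraps silently if a lane leaves the i16 range. If the missing reduction is deliberate, the bound that makes it safe should be written next to the add, e.g. `// no Barrett step here: |a|, |b| <= <BOUND>, so a + b stays within i16`; otherwise the two later layers should reduce as layer 1 does. The quoted portable code above each inverse step names the difference `a_minus_b` while computing `sub(b, &a)`, whereas the body calls it `b_minus_a`; aligning the comment avoids a sign misreading. The commented-out portable round-trip in `ntt_multiply` refers to `zeta0`/`zeta1`, which are not parameters of this function, and can be removed.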
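Review bot: `rej_sample` always performs two full 8-lane stores, `_vst1q_s16(&mut out[0..8], ...)` and `_vst1q_s16(&mut out[idx0..idx0 + 8], ...)`, and passes the whole of `a` to `deserialize_12`, which slices up to byte 24, so the function panics on a slice index unless `out` has at least 16 elements and `a` at least 24 bytes, however many samples are accepted. Lanes of `out` past the returned count are overwritten with unspecified values, so callers may rely only on the first `pick0 + pick1` entries. A doc comment would fix that contract, e.g. `/// a must hold 24 bytes and out at least 16 elements; only the first n elements of out, n being the return value, are valid samples.` The same applies to the identical `rej_sample` added in `sampling.rs`.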
diff --git a/libcrux-ml-kem/src/vector/neon/sampling.rs b/libcrux-ml-kem/src/vector/neon/sampling.rs
new file mode 100644
index 000000000..393762719
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/neon/sampling.rs
@@ -0,0 +1,33 @@
+#![forbid(unsafe_code)]
+
+use super::intrinsics::*;
+use crate::vector::rej_sample_table::REJECTION_SAMPLE_SHUFFLE_TABLE;
+
+#[inline(always)]
+pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize {
+ let neon_bits: [u16; 8] = [0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80];
+ let bits = _vld1q_u16(&neon_bits);
+ let fm = _vdupq_n_s16(3328);
+
+ let input = super::simd128ops::deserialize_12(a);
+ let mask0 = _vcleq_s16(input.low, fm);
+ let mask1 = _vcleq_s16(input.high, fm);
+ let masked = _vandq_u16(mask0, bits);
+ let used0 = _vaddvq_u16(masked);
+ let masked = _vandq_u16(mask1, bits);
+ let used1 = _vaddvq_u16(masked);
+ let pick0 = used0.count_ones();
+ let pick1 = used1.count_ones();
+
+ // XXX: the indices used0 and used1 must be < 256.
+ let index_vec0 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used0 as u8) as usize]);
+ let shifted0 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.low), index_vec0));
+ let index_vec1 = _vld1q_u8(&REJECTION_SAMPLE_SHUFFLE_TABLE[(used1 as u8) as usize]);
+ let shifted1 =
+ _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.high), index_vec1));
+
+ let idx0 = pick0 as usize;
+ _vst1q_s16(&mut out[0..8], shifted0);
+ _vst1q_s16(&mut out[idx0..idx0 + 8], shifted1);
+ (pick0 + pick1) as usize
+}
diff --git a/libcrux-ml-kem/src/vector/neon/serialize.rs b/libcrux-ml-kem/src/vector/neon/serialize.rs
new file mode 100644
index 000000000..a010e9775
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/neon/serialize.rs
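Review bot: `sampling.rs` is a byte-for-byte copy of `rejsample.rs` (both index lines show blob `393762719`), and both still import `super::intrinsics::*` and call `super::simd128ops::deserialize_12`, although this commit's `neon.rs` hunk removes `mod simd128ops;` and declares neither file as a module. As added, the two files are therefore not compiled, and the `simd128ops` path would not resolve if they were. Keep one of them, add its `mod` line, and point it at the new layout as the other new files do: `use libcrux_intrinsics::arm64::*;` and `let input = super::serialize::deserialize_12(a);`.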
@@ -0,0 +1,313 @@ +use super::vector_type::*; +use libcrux_intrinsics::arm64::*; + + +#[inline(always)] +pub(crate) fn serialize_1(v: SIMD128Vector) -> [u8; 2] { + let shifter: [i16; 8] = [0, 1, 2, 3, 4, 5, 6, 7]; + let shift = _vld1q_s16(&shifter); + let low = _vshlq_s16(v.low, shift); + let high = _vshlq_s16(v.high, shift); + let low = _vaddvq_s16(low); + let high = _vaddvq_s16(high); + [low as u8, high as u8] +} + +#[inline(always)] +pub(crate) fn deserialize_1(a: &[u8]) -> SIMD128Vector { + let one = _vdupq_n_s16(1); + let low = _vdupq_n_s16(a[0] as i16); + let high = _vdupq_n_s16(a[1] as i16); + let shifter: [i16; 8] = [0, 0xff, -2, -3, -4, -5, -6, -7]; + let shift = _vld1q_s16(&shifter); + let low = _vshlq_s16(low, shift); + let high = _vshlq_s16(high, shift); + SIMD128Vector { + low: _vandq_s16(low, one), + high: _vandq_s16(high, one), + } +} + +#[inline(always)] +pub(crate) fn serialize_4(v: SIMD128Vector) -> [u8; 8] { + let shifter: [i16; 8] = [0, 4, 8, 12, 0, 4, 8, 12]; + let shift = _vld1q_s16(&shifter); + let lowt = _vshlq_u16(_vreinterpretq_u16_s16(v.low), shift); + let hight = _vshlq_u16(_vreinterpretq_u16_s16(v.high), shift); + let sum0 = _vaddv_u16(_vget_low_u16(lowt)) as u64; + let sum1 = _vaddv_u16(_vget_high_u16(lowt)) as u64; + let sum2 = _vaddv_u16(_vget_low_u16(hight)) as u64; + let sum3 = _vaddv_u16(_vget_high_u16(hight)) as u64; + let sum = sum0 | (sum1 << 16) | (sum2 << 32) | (sum3 << 48); + sum.to_le_bytes() +} + +#[inline(always)] +pub(crate) fn deserialize_4(v: &[u8]) -> SIMD128Vector { + let input = u64::from_le_bytes(v.try_into().unwrap()); + let mut low = [0i16; 8]; + let mut high = [0i16; 8]; + low[0] = (input & 0x0f) as i16; + low[1] = ((input >> 4) & 0x0f) as i16; + low[2] = ((input >> 8) & 0x0f) as i16; + low[3] = ((input >> 12) & 0x0f) as i16; + low[4] = ((input >> 16) & 0x0f) as i16; + low[5] = ((input >> 20) & 0x0f) as i16; + low[6] = ((input >> 24) & 0x0f) as i16; + low[7] = ((input >> 28) & 0x0f) as i16; + high[0] = ((input 
>> 32) & 0x0f) as i16; + high[1] = ((input >> 36) & 0x0f) as i16; + high[2] = ((input >> 40) & 0x0f) as i16; + high[3] = ((input >> 44) & 0x0f) as i16; + high[4] = ((input >> 48) & 0x0f) as i16; + high[5] = ((input >> 52) & 0x0f) as i16; + high[6] = ((input >> 56) & 0x0f) as i16; + high[7] = ((input >> 60) & 0x0f) as i16; + SIMD128Vector { + low: _vld1q_s16(&low), + high: _vld1q_s16(&high), + } +} + +#[inline(always)] +pub(crate) fn serialize_5(v: SIMD128Vector) -> [u8; 10] { + let mut res = [0u8; 10]; + let out = to_i16_array(v); + res[0] = (out[0] | out[1] << 5) as u8; + res[1] = (out[1] >> 3 | out[2] << 2 | out[3] << 7) as u8; + res[2] = (out[3] >> 1 | out[4] << 4) as u8; + res[3] = (out[4] >> 4 | out[5] << 1 | out[6] << 6) as u8; + res[4] = (out[6] >> 2 | out[7] << 3) as u8; + res[5] = (out[8 + 0] | out[8 + 1] << 5) as u8; + res[6] = (out[8 + 1] >> 3 | out[8 + 2] << 2 | out[8 + 3] << 7) as u8; + res[7] = (out[8 + 3] >> 1 | out[8 + 4] << 4) as u8; + res[8] = (out[8 + 4] >> 4 | out[8 + 5] << 1 | out[8 + 6] << 6) as u8; + res[9] = (out[8 + 6] >> 2 | out[8 + 7] << 3) as u8; + res +} + +#[inline(always)] +pub(crate) fn deserialize_5(v: &[u8]) -> SIMD128Vector { + let mut input0 = [0u8; 8]; + input0[0..5].copy_from_slice(&v[0..5]); + let low64 = u64::from_le_bytes(input0); + let mut input1 = [0u8; 8]; + input1[0..5].copy_from_slice(&v[5..10]); + let high64 = u64::from_le_bytes(input1); + + let mut low = [0i16; 8]; + let mut high = [0i16; 8]; + + low[0] = (low64 & 0x1F) as i16; + low[1] = ((low64 >> 5) & 0x1F) as i16; + low[2] = ((low64 >> 10) & 0x1F) as i16; + low[3] = ((low64 >> 15) & 0x1F) as i16; + low[4] = ((low64 >> 20) & 0x1F) as i16; + low[5] = ((low64 >> 25) & 0x1F) as i16; + low[6] = ((low64 >> 30) & 0x1F) as i16; + low[7] = ((low64 >> 35) & 0x1F) as i16; + + high[0] = (high64 & 0x1F) as i16; + high[1] = ((high64 >> 5) & 0x1F) as i16; + high[2] = ((high64 >> 10) & 0x1F) as i16; + high[3] = ((high64 >> 15) & 0x1F) as i16; + high[4] = ((high64 >> 20) & 0x1F) 
as i16; + high[5] = ((high64 >> 25) & 0x1F) as i16; + high[6] = ((high64 >> 30) & 0x1F) as i16; + high[7] = ((high64 >> 35) & 0x1F) as i16; + + SIMD128Vector { + low: _vld1q_s16(&low), + high: _vld1q_s16(&high), + } +} + +#[inline(always)] +pub(crate) fn serialize_10(v: SIMD128Vector) -> [u8; 20] { + let low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); // a0, a0, a2, a2, a4, a4, a6, a6 + let low1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); // a1, a1, a3, a3, a5, a5, a7, a7 + let mixt = _vsliq_n_s32::<10>(low0, low1); // a1a0, a3a2, a5a4, a7a6 + + let low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 + let low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 + let low_mix = _vsliq_n_s64::<20>(low0, low1); // a3a2a1a0, a7a6a5a4 + + let high0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); // a0, a0, a2, a2, a4, a4, a6, a6 + let high1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); // a1, a1, a3, a3, a5, a5, a7, a7 + let mixt = _vsliq_n_s32::<10>(high0, high1); // a1a0, a3a2, a5a4, a7a6 + + let high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 + let high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 + let high_mix = _vsliq_n_s64::<20>(high0, high1); // a3a2a1a0, a7a6a5a4 + + let mut result32 = [0u8; 32]; + _vst1q_u8(&mut result32[0..16], _vreinterpretq_u8_s64(low_mix)); + _vst1q_u8(&mut result32[16..32], _vreinterpretq_u8_s64(high_mix)); + let mut result = [0u8; 20]; + result[0..5].copy_from_slice(&result32[0..5]); + result[5..10].copy_from_slice(&result32[8..13]); + result[10..15].copy_from_slice(&result32[16..21]); + result[15..20].copy_from_slice(&result32[24..29]); + result +} + +#[inline(always)] +pub(crate) fn deserialize_10(v: &[u8]) -> SIMD128Vector { + let mut input0 = [0u8; 8]; + let mut input1 = [0u8; 8]; + let mut input2 = [0u8; 4]; + input0.copy_from_slice(&v[0..8]); + 
input1.copy_from_slice(&v[8..16]); + input2.copy_from_slice(&v[16..20]); + let input0 = u64::from_le_bytes(input0); + let input1 = u64::from_le_bytes(input1); + let input2 = u32::from_le_bytes(input2); + let mut low = [0i16; 8]; + let mut high = [0i16; 8]; + low[0] = (input0 & 0x3ff) as i16; + low[1] = ((input0 >> 10) & 0x3ff) as i16; + low[2] = ((input0 >> 20) & 0x3ff) as i16; + low[3] = ((input0 >> 30) & 0x3ff) as i16; + low[4] = ((input0 >> 40) & 0x3ff) as i16; + low[5] = ((input0 >> 50) & 0x3ff) as i16; + low[6] = (((input0 >> 60) | (input1 << 4)) & 0x3ff) as i16; + low[7] = ((input1 >> 6) & 0x3ff) as i16; + high[0] = ((input1 >> 16) & 0x3ff) as i16; + high[1] = ((input1 >> 26) & 0x3ff) as i16; + high[2] = ((input1 >> 36) & 0x3ff) as i16; + high[3] = ((input1 >> 46) & 0x3ff) as i16; + high[4] = ((((input1 >> 56) as u32) | (input2 << 8)) & 0x3ff) as i16; + high[5] = ((input2 >> 2) & 0x3ff) as i16; + high[6] = ((input2 >> 12) & 0x3ff) as i16; + high[7] = ((input2 >> 22) & 0x3ff) as i16; + + SIMD128Vector { + low: _vld1q_s16(&low), + high: _vld1q_s16(&high), + } +} + +#[inline(always)] +pub(crate) fn serialize_11(v: SIMD128Vector) -> [u8; 22] { + let input = to_i16_array(v); + let mut result = [0u8; 22]; + result[0] = input[0] as u8; // 3 left in 0 + result[1] = ((input[0] >> 8) | (input[1] << 3)) as u8; // 6 left in 1 + result[2] = ((input[1] >> 5) | (input[2] << 6)) as u8; // 9 left in 2 + result[3] = (input[2] >> 2) as u8; // 1 left in 2 + result[4] = ((input[2] >> 10) | (input[3] << 1)) as u8; // 4 left in 3 + result[5] = ((input[3] >> 7) | (input[4] << 4)) as u8; // 7 left in 4 + result[6] = ((input[4] >> 4) | (input[5] << 7)) as u8; // 10 left in 5 + result[7] = (input[5] >> 1) as u8; // 2 left in 5 + result[8] = ((input[5] >> 9) | (input[6] << 2)) as u8; // 5 left in 6 + result[9] = ((input[6] >> 6) | (input[7] << 5)) as u8; // 8 left in 7 + result[10] = (input[7] >> 3) as u8; + + result[11 + 0] = input[8 + 0] as u8; // 3 left in 0 + result[11 + 1] = 
((input[8 + 0] >> 8) | (input[8 + 1] << 3)) as u8; // 6 left in 1 + result[11 + 2] = ((input[8 + 1] >> 5) | (input[8 + 2] << 6)) as u8; // 9 left in 2 + result[11 + 3] = (input[8 + 2] >> 2) as u8; // 1 left in 2 + result[11 + 4] = ((input[8 + 2] >> 10) | (input[8 + 3] << 1)) as u8; // 4 left in 3 + result[11 + 5] = ((input[8 + 3] >> 7) | (input[8 + 4] << 4)) as u8; // 7 left in 4 + result[11 + 6] = ((input[8 + 4] >> 4) | (input[8 + 5] << 7)) as u8; // 10 left in 5 + result[11 + 7] = (input[8 + 5] >> 1) as u8; // 2 left in 5 + result[11 + 8] = ((input[8 + 5] >> 9) | (input[8 + 6] << 2)) as u8; // 5 left in 6 + result[11 + 9] = ((input[8 + 6] >> 6) | (input[8 + 7] << 5)) as u8; // 8 left in 7 + result[11 + 10] = (input[8 + 7] >> 3) as u8; + result +} + +#[inline(always)] +pub(crate) fn deserialize_11(v: &[u8]) -> SIMD128Vector { + let mut input0 = [0u8; 8]; + let mut input1 = [0u8; 8]; + let mut input2 = [0u8; 8]; + input0.copy_from_slice(&v[0..8]); + input1.copy_from_slice(&v[8..16]); + input2[0..6].copy_from_slice(&v[16..22]); + let input0 = u64::from_le_bytes(input0); + let input1 = u64::from_le_bytes(input1); + let input2 = u64::from_le_bytes(input2); + + let mut low = [0i16; 8]; + let mut high = [0i16; 8]; + + low[0] = (input0 & 0x7FF) as i16; + low[1] = ((input0 >> 11) & 0x7FF) as i16; + low[2] = ((input0 >> 22) & 0x7FF) as i16; + low[3] = ((input0 >> 33) & 0x7FF) as i16; + low[4] = ((input0 >> 44) & 0x7FF) as i16; + low[5] = (((input0 >> 55) | (input1 << 9)) & 0x7FF) as i16; + low[6] = ((input1 >> 2) & 0x7FF) as i16; + low[7] = ((input1 >> 13) & 0x7FF) as i16; + + high[0] = ((input1 >> 24) & 0x7FF) as i16; + high[1] = ((input1 >> 35) & 0x7FF) as i16; + high[2] = ((input1 >> 46) & 0x7FF) as i16; + high[3] = (((input1 >> 57) | (input2 << 7)) & 0x7FF) as i16; + high[4] = ((input2 >> 4) & 0x7FF) as i16; + high[5] = ((input2 >> 15) & 0x7FF) as i16; + high[6] = ((input2 >> 26) & 0x7FF) as i16; + high[7] = ((input2 >> 37) & 0x7FF) as i16; + + SIMD128Vector { + low: 
_vld1q_s16(&low), + high: _vld1q_s16(&high), + } +} + +#[inline(always)] +pub(crate) fn serialize_12(v: SIMD128Vector) -> [u8; 24] { + let low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); // a0, a0, a2, a2, a4, a4, a6, a6 + let low1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); // a1, a1, a3, a3, a5, a5, a7, a7 + let mixt = _vsliq_n_s32::<12>(low0, low1); // a1a0, a3a2, a5a4, a7a6 + + let low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 + let low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 + let low_mix = _vsliq_n_s64::<24>(low0, low1); // a3a2a1a0, a7a6a5a4 + + let high0 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); // a0, a0, a2, a2, a4, a4, a6, a6 + let high1 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); // a1, a1, a3, a3, a5, a5, a7, a7 + let mixt = _vsliq_n_s32::<12>(high0, high1); // a1a0, a3a2, a5a4, a7a6 + + let high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); // a1a0, a1a0, a5a4, a5a4 + let high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); // a3a2, a3a2, a7a6, a7a6 + let high_mix = _vsliq_n_s64::<24>(high0, high1); // a3a2a1a0, a7a6a5a4 + + let mut result32 = [0u8; 32]; + _vst1q_u8(&mut result32[0..16], _vreinterpretq_u8_s64(low_mix)); + _vst1q_u8(&mut result32[16..32], _vreinterpretq_u8_s64(high_mix)); + let mut result = [0u8; 24]; + result[0..6].copy_from_slice(&result32[0..6]); + result[6..12].copy_from_slice(&result32[8..14]); + result[12..18].copy_from_slice(&result32[16..22]); + result[18..24].copy_from_slice(&result32[24..30]); + result +} + +#[inline(always)] +pub(crate) fn deserialize_12(v: &[u8]) -> SIMD128Vector { + let indexes: [u8; 16] = [0, 1, 1, 2, 3, 4, 4, 5, 6, 7, 7, 8, 9, 10, 10, 11]; + let index_vec = _vld1q_u8(&indexes); + let shifts: [i16; 8] = [0, -4, 0, -4, 0, -4, 0, -4]; + let shift_vec = _vld1q_s16(&shifts); + let mask12 = _vdupq_n_u16(0xfff); + + let mut input0 = [0u8; 16]; + input0[0..12].copy_from_slice(&v[0..12]); 
+ let input_vec0 = _vld1q_u8(&input0);
+
+ let mut input1 = [0u8; 16];
+ input1[0..12].copy_from_slice(&v[12..24]);
+ let input_vec1 = _vld1q_u8(&input1);
+
+ let moved0 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec0, index_vec));
+ let shifted0 = _vshlq_u16(moved0, shift_vec);
+ let low = _vreinterpretq_s16_u16(_vandq_u16(shifted0, mask12));
+
+ let moved1 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec1, index_vec));
+ let shifted1 = _vshlq_u16(moved1, shift_vec);
+ let high = _vreinterpretq_s16_u16(_vandq_u16(shifted1, mask12));
+
+ SIMD128Vector { low, high }
+}
diff --git a/libcrux-ml-kem/src/vector/neon/vector_type.rs b/libcrux-ml-kem/src/vector/neon/vector_type.rs
new file mode 100644
index 000000000..61b4d319d
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/neon/vector_type.rs
@@ -0,0 +1,31 @@
+use libcrux_intrinsics::arm64::*;
+#[derive(Clone, Copy)]
+pub struct SIMD128Vector {
+ pub low: _int16x8_t,
+ pub high: _int16x8_t,
+}
+
+#[allow(non_snake_case)]
+#[inline(always)]
+pub(crate) fn ZERO() -> SIMD128Vector {
+ SIMD128Vector {
+ low: _vdupq_n_s16(0),
+ high: _vdupq_n_s16(0),
+ }
+}
+
+#[inline(always)]
+pub(crate) fn to_i16_array(v: SIMD128Vector) -> [i16; 16] {
+ let mut out = [0i16; 16];
+ _vst1q_s16(&mut out[0..8], v.low);
+ _vst1q_s16(&mut out[8..16], v.high);
+ out
+}
+
+#[inline(always)]
+pub(crate) fn from_i16_array(array: &[i16]) -> SIMD128Vector {
+ SIMD128Vector {
+ low: _vld1q_s16(&array[0..8]),
+ high: _vld1q_s16(&array[8..16]),
+ }
+}
From 96018d08c12ff3e10b985b0296ed1ed787b25a4d Mon Sep 17 00:00:00 2001
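Review bot: `from_i16_array` in the new `vector_type.rs` accepts an unsized `&[i16]` and then slices `array[0..8]` and `array[8..16]`, so a slice shorter than 16 elements panics at the slicing and anything past element 15 is silently dropped; neither is stated at the declaration. If the callers (not visible here) always hold exactly 16 coefficients, `array: &[i16; 16]` would move the length check to compile time, provided the `Operations` trait signature allows it. Otherwise a `debug_assert!(array.len() >= 16);` plus a doc line such as `/// Panics if fewer than 16 elements are supplied; only the first 16 are read.` would record the contract. `deserialize_12` in the preceding file has the same shape with `&v[0..12]` and `&v[12..24]` on a `&[u8]`, where the input is serialized key or ciphertext material, so a stated length precondition matters more there.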
From: Karthikeyan Bhargavan Date: Thu, 20 Jun 2024 10:45:00 +0200 Subject: [PATCH 3/7] restructured portable vector code --- libcrux-ml-kem/src/polynomial.rs | 4 +- libcrux-ml-kem/src/vector.rs | 1182 +---------------- libcrux-ml-kem/src/vector/neon.rs | 5 +- libcrux-ml-kem/src/vector/portable.rs | 158 +++ .../src/vector/portable/arithmetic.rs | 194 +++ .../src/vector/portable/compress.rs | 127 ++ libcrux-ml-kem/src/vector/portable/ntt.rs | 361 +++++ .../src/vector/portable/sampling.rs | 24 + .../src/vector/portable/serialize.rs | 324 +++++ .../src/vector/portable/vector_type.rs | 25 + 10 files changed, 1217 insertions(+), 1187 deletions(-) create mode 100644 libcrux-ml-kem/src/vector/portable.rs create mode 100644 libcrux-ml-kem/src/vector/portable/arithmetic.rs create mode 100644 libcrux-ml-kem/src/vector/portable/compress.rs create mode 100644 libcrux-ml-kem/src/vector/portable/ntt.rs create mode 100644 libcrux-ml-kem/src/vector/portable/sampling.rs create mode 100644 libcrux-ml-kem/src/vector/portable/serialize.rs create mode 100644 libcrux-ml-kem/src/vector/portable/vector_type.rs diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 479f409f6..79983309f 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,8 +1,8 @@ use crate::vector::{ - to_standard_domain, FieldElementTimesMontgomeryR, Operations, FIELD_ELEMENTS_IN_VECTOR, + to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR, }; -pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [FieldElementTimesMontgomeryR; 128] = [ +pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, 
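Review bot: With the element type of `ZETAS_TIMES_MONTGOMERY_R` changed to plain `i16`, only the constant's name still says which representation the table entries are in; the removed `FieldElementTimesMontgomeryR` alias was where that was documented. A doc comment on the constant would keep the information at the declaration, e.g. `/// Entries are signed representatives of zeta * MONTGOMERY_R (mod FIELD_MODULUS).` A value in the wrong domain passed to a Montgomery multiplication type-checks either way, so the comment is the only guard a reader gets. The array literal continues past the end of the hunk.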
diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs
index 010cba802..e5ec42648 100644
--- a/libcrux-ml-kem/src/vector.rs
+++ b/libcrux-ml-kem/src/vector.rs
@@ -35,1186 +35,6 @@ mod avx2; #[cfg(feature = "simd256")] pub(crate) use avx2::SIMD256Vector; -/// Values having this type hold a representative 'x' of the Kyber field. -/// We use 'fe' as a shorthand for this type. -type FieldElement = i16; +pub mod portable; -/// If 'x' denotes a value of type `fe`, values having this type hold a -/// representative y ≡ x·MONTGOMERY_R^(-1) (mod FIELD_MODULUS). -/// We use 'mfe' as a shorthand for this type -pub type MontgomeryFieldElement = i16; -/// If 'x' denotes a value of type `fe`, values having this type hold a -/// representative y ≡ x·MONTGOMERY_R (mod FIELD_MODULUS). -/// We use 'fer' as a shorthand for this type. -pub type FieldElementTimesMontgomeryR = i16; - -pub(crate) const MONTGOMERY_SHIFT: u8 = 16; -pub(crate) const MONTGOMERY_R: i32 = 1 << MONTGOMERY_SHIFT; - -pub(crate) const BARRETT_SHIFT: i32 = 26; -pub(crate) const BARRETT_R: i32 = 1 << BARRETT_SHIFT; -/// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋ -pub(crate) const BARRETT_MULTIPLIER: i32 = 20159; - -#[cfg_attr(hax, hax_lib::requires(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT))] -#[cfg_attr(hax, hax_lib::ensures(|result| result < 2u32.pow(n.into())))] -#[inline(always)] -pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { - // hax_debug_assert!(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT); - - value & ((1 << n) - 1) -} - -/// Signed Montgomery Reduction -/// -/// Given an input `value`, `montgomery_reduce` outputs a representative `o` -/// such that: -/// -/// - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) -/// - the absolute value of `o` is bound as follows: -/// -/// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) -/// -/// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`. 
-#[cfg_attr(hax, hax_lib::requires(value >= -(FIELD_MODULUS as i32) * MONTGOMERY_R && value <= (FIELD_MODULUS as i32) * MONTGOMERY_R))] -#[cfg_attr(hax, hax_lib::ensures(|result| result >= -(3 * FIELD_MODULUS) / 2 && result <= (3 * FIELD_MODULUS) / 2))] -pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { - // This forces hax to extract code for MONTGOMERY_R before it extracts code - // for this function. The removal of this line is being tracked in: - // https://github.com/cryspen/libcrux/issues/134 - let _ = MONTGOMERY_R; - - //hax_debug_assert!( - // value >= -FIELD_MODULUS * MONTGOMERY_R && value <= FIELD_MODULUS * MONTGOMERY_R, - // "value is {value}" - //); - - let k = (value as i16) as i32 * (INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32); - let k_times_modulus = (k as i16 as i32) * (FIELD_MODULUS as i32); - - let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; - let value_high = (value >> MONTGOMERY_SHIFT) as i16; - - value_high - c -} - -/// If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to -/// `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to -/// `x · y`, as follows: -/// -/// `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` -/// -/// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative -/// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. 
-#[inline(always)] -pub(crate) fn montgomery_multiply_fe_by_fer( - fe: FieldElement, - fer: FieldElementTimesMontgomeryR, -) -> FieldElement { - montgomery_reduce_element((fe as i32) * (fer as i32)) -} - -#[inline(always)] -fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = montgomery_multiply_fe_by_fer(v.elements[i], c) - } - v -} - -/// The `compress_*` functions implement the `Compress` function specified in the NIST FIPS -/// 203 standard (Page 18, Expression 4.5), which is defined as: -/// -/// ```plaintext -/// Compress_d: ℤq -> ℤ_{2ᵈ} -/// Compress_d(x) = ⌈(2ᵈ/q)·x⌋ -/// ``` -/// -/// Since `⌈x⌋ = ⌊x + 1/2⌋` we have: -/// -/// ```plaintext -/// Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ -/// = ⌊(2^{d+1}·x + q) / 2q⌋ -/// ``` -/// -/// For further information about the function implementations, consult the -/// `implementation_notes.pdf` document in this directory. -/// -/// The NIST FIPS 203 standard can be found at -/// . 
-#[cfg_attr(hax, hax_lib::requires(fe < (FIELD_MODULUS as u16)))] -#[cfg_attr(hax, hax_lib::ensures(|result| - hax_lib::implies(833 <= fe && fe <= 2596, || result == 1) && - hax_lib::implies(!(833 <= fe && fe <= 2596), || result == 0) -))] -pub(crate) fn compress_message_coefficient(fe: u16) -> u8 { - // The approach used here is inspired by: - // https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150 - - // If 833 <= fe <= 2496, - // then -832 <= shifted <= 831 - let shifted: i16 = 1664 - (fe as i16); - - // If shifted < 0, then - // (shifted >> 15) ^ shifted = flip_bits(shifted) = -shifted - 1, and so - // if -832 <= shifted < 0 then 0 < shifted_positive <= 831 - // - // If shifted >= 0 then - // (shifted >> 15) ^ shifted = shifted, and so - // if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 - let mask = shifted >> 15; - let shifted_to_positive = mask ^ shifted; - - let shifted_positive_in_range = shifted_to_positive - 832; - - // If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means - // the most significant bit of shifted_positive_in_range will be 1. 
- ((shifted_positive_in_range >> 15) & 1) as u8 -} - -#[cfg_attr(hax, - hax_lib::requires( - (coefficient_bits == 4 || - coefficient_bits == 5 || - coefficient_bits == 10 || - coefficient_bits == 11) && - fe < (FIELD_MODULUS as u16)))] -#[cfg_attr(hax, - hax_lib::ensures( - |result| result >= 0 && result < 2i16.pow(coefficient_bits as u32)))] -pub(crate) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) -> FieldElement { - // hax_debug_assert!( - // coefficient_bits == 4 - // || coefficient_bits == 5 - // || coefficient_bits == 10 - // || coefficient_bits == 11 - // ); - // hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); - - // This has to be constant time due to: - // https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ - let mut compressed = (fe as u64) << coefficient_bits; - compressed += 1664 as u64; - - compressed *= 10_321_340; - compressed >>= 35; - - get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement -} - -pub(crate) mod portable { - - use super::*; - - #[derive(Clone, Copy)] - pub(crate) struct PortableVector { - pub(crate) elements: [FieldElement; FIELD_ELEMENTS_IN_VECTOR], - } -} - -use portable::*; - -#[allow(non_snake_case)] -#[inline(always)] -pub fn zero() -> PortableVector { - PortableVector { - elements: [0i16; FIELD_ELEMENTS_IN_VECTOR], - } -} - -#[inline(always)] -pub fn from_i16_array(array: &[i16]) -> PortableVector { - PortableVector { - elements: array[0..16].try_into().unwrap(), - } -} - -#[inline(always)] -pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] += rhs.elements[i]; - } - - lhs -} - -#[inline(always)] -pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] -= rhs.elements[i]; - } - - lhs -} - -#[inline(always)] -pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { 
- for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] *= c; - } - - v -} - -#[inline(always)] -pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] &= c; - } - - v -} - -#[inline(always)] -pub fn shift_right(mut v: PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = v.elements[i] >> SHIFT_BY; - } - - v -} - -// #[inline(always)] -// pub fn shift_left(mut lhs: PortableVector) -> PortableVector { -// for i in 0..FIELD_ELEMENTS_IN_VECTOR { -// lhs.elements[i] = lhs.elements[i] << SHIFT_BY; -// } - -// lhs -// } - -#[inline(always)] -pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - debug_assert!(v.elements[i] >= 0 && v.elements[i] < 4096); - if v.elements[i] >= 3329 { - v.elements[i] -= 3329 - } - } - v -} - -/// Signed Barrett Reduction -/// -/// Given an input `value`, `barrett_reduce` outputs a representative `result` -/// such that: -/// -/// - result ≡ value (mod FIELD_MODULUS) -/// - the absolute value of `result` is bound as follows: -/// -/// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -/// -/// In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. 
-#[cfg_attr(hax, hax_lib::requires((i32::from(value) > -BARRETT_R && i32::from(value) < BARRETT_R)))] -#[cfg_attr(hax, hax_lib::ensures(|result| result > -FIELD_MODULUS && result < FIELD_MODULUS))] -pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement { - // hax_debug_assert!( - // i32::from(value) > -BARRETT_R && i32::from(value) < BARRETT_R, - // "value is {value}" - // ); - - let t = (i32::from(value) * BARRETT_MULTIPLIER) + (BARRETT_R >> 1); - let quotient = (t >> BARRETT_SHIFT) as i16; - - let result = value - (quotient * FIELD_MODULUS); - - // hax_debug_assert!( - // result > -FIELD_MODULUS && result < FIELD_MODULUS, - // "value is {value}" - // ); - - result -} - -#[inline(always)] -fn barrett_reduce(mut v: PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = barrett_reduce_element(v.elements[i]); - } - - v -} - -#[inline(always)] -fn compress_1(mut v: PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = compress_message_coefficient(v.elements[i] as u16) as i16; - } - - v -} - -#[inline(always)] -fn compress(mut v: PortableVector) -> PortableVector { - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = - compress_ciphertext_coefficient(COEFFICIENT_BITS as u8, v.elements[i] as u16) as i16; - } - v -} - -#[inline(always)] -fn decompress_ciphertext_coefficient( - mut v: PortableVector, -) -> PortableVector { - // debug_assert!(to_i16_array(v) - // .into_iter() - // .all(|coefficient| coefficient.abs() < 1 << COEFFICIENT_BITS)); - - for i in 0..FIELD_ELEMENTS_IN_VECTOR { - let mut decompressed = v.elements[i] as i32 * FIELD_MODULUS as i32; - decompressed = (decompressed << 1) + (1i32 << COEFFICIENT_BITS); - decompressed = decompressed >> (COEFFICIENT_BITS + 1); - v.elements[i] = decompressed as i16; - } - - // debug_assert!(to_i16_array(v) - // .into_iter() - // .all(|coefficient| coefficient.abs() as u16 <= 1 << 12)); - - v -} - -#[inline(always)] -fn 
ntt_layer_1_step( - mut v: PortableVector, - zeta0: i16, - zeta1: i16, - zeta2: i16, - zeta3: i16, -) -> PortableVector { - // First 8 elements. - let t = montgomery_multiply_fe_by_fer(v.elements[2], zeta0); - v.elements[2] = v.elements[0] - t; - v.elements[0] = v.elements[0] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[3], zeta0); - v.elements[3] = v.elements[1] - t; - v.elements[1] = v.elements[1] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[6], zeta1); - v.elements[6] = v.elements[4] - t; - v.elements[4] = v.elements[4] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[7], zeta1); - v.elements[7] = v.elements[5] - t; - v.elements[5] = v.elements[5] + t; - - // Next 8 elements. - let t = montgomery_multiply_fe_by_fer(v.elements[8 + 2], zeta2); - v.elements[8 + 2] = v.elements[8 + 0] - t; - v.elements[8 + 0] = v.elements[8 + 0] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[8 + 3], zeta2); - v.elements[8 + 3] = v.elements[8 + 1] - t; - v.elements[8 + 1] = v.elements[8 + 1] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[8 + 6], zeta3); - v.elements[8 + 6] = v.elements[8 + 4] - t; - v.elements[8 + 4] = v.elements[8 + 4] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[8 + 7], zeta3); - v.elements[8 + 7] = v.elements[8 + 5] - t; - v.elements[8 + 5] = v.elements[8 + 5] + t; - - v -} - -#[inline(always)] -fn ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { - let t = montgomery_multiply_fe_by_fer(v.elements[8], zeta); - v.elements[8] = v.elements[0] - t; - v.elements[0] = v.elements[0] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[9], zeta); - v.elements[9] = v.elements[1] - t; - v.elements[1] = v.elements[1] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[10], zeta); - v.elements[10] = v.elements[2] - t; - v.elements[2] = v.elements[2] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[11], zeta); - v.elements[11] = v.elements[3] - t; - v.elements[3] = 
v.elements[3] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[12], zeta); - v.elements[12] = v.elements[4] - t; - v.elements[4] = v.elements[4] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[13], zeta); - v.elements[13] = v.elements[5] - t; - v.elements[5] = v.elements[5] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[14], zeta); - v.elements[14] = v.elements[6] - t; - v.elements[6] = v.elements[6] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[15], zeta); - v.elements[15] = v.elements[7] - t; - v.elements[7] = v.elements[7] + t; - - v -} - -#[inline(always)] -fn ntt_layer_2_step(mut v: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { - // First 8 elements. - let t = montgomery_multiply_fe_by_fer(v.elements[4], zeta0); - v.elements[4] = v.elements[0] - t; - v.elements[0] = v.elements[0] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[5], zeta0); - v.elements[5] = v.elements[1] - t; - v.elements[1] = v.elements[1] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[6], zeta0); - v.elements[6] = v.elements[2] - t; - v.elements[2] = v.elements[2] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[7], zeta0); - v.elements[7] = v.elements[3] - t; - v.elements[3] = v.elements[3] + t; - - // Next 8 elements. 
- let t = montgomery_multiply_fe_by_fer(v.elements[8 + 4], zeta1); - v.elements[8 + 4] = v.elements[8 + 0] - t; - v.elements[8 + 0] = v.elements[8 + 0] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[8 + 5], zeta1); - v.elements[8 + 5] = v.elements[8 + 1] - t; - v.elements[8 + 1] = v.elements[8 + 1] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[8 + 6], zeta1); - v.elements[8 + 6] = v.elements[8 + 2] - t; - v.elements[8 + 2] = v.elements[8 + 2] + t; - - let t = montgomery_multiply_fe_by_fer(v.elements[8 + 7], zeta1); - v.elements[8 + 7] = v.elements[8 + 3] - t; - v.elements[8 + 3] = v.elements[8 + 3] + t; - - v -} - -#[inline(always)] -fn inv_ntt_layer_1_step( - mut v: PortableVector, - zeta0: i16, - zeta1: i16, - zeta2: i16, - zeta3: i16, -) -> PortableVector { - // First 8 elements. - let a_minus_b = v.elements[2] - v.elements[0]; - v.elements[0] = barrett_reduce_element(v.elements[0] + v.elements[2]); - v.elements[2] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - - let a_minus_b = v.elements[3] - v.elements[1]; - v.elements[1] = barrett_reduce_element(v.elements[1] + v.elements[3]); - v.elements[3] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - - let a_minus_b = v.elements[6] - v.elements[4]; - v.elements[4] = barrett_reduce_element(v.elements[4] + v.elements[6]); - v.elements[6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); - - let a_minus_b = v.elements[7] - v.elements[5]; - v.elements[5] = barrett_reduce_element(v.elements[5] + v.elements[7]); - v.elements[7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); - - // Next 8 elements. 
- let a_minus_b = v.elements[8 + 2] - v.elements[8 + 0]; - v.elements[8 + 0] = barrett_reduce_element(v.elements[8 + 0] + v.elements[8 + 2]); - v.elements[8 + 2] = montgomery_multiply_fe_by_fer(a_minus_b, zeta2); - - let a_minus_b = v.elements[8 + 3] - v.elements[8 + 1]; - v.elements[8 + 1] = barrett_reduce_element(v.elements[8 + 1] + v.elements[8 + 3]); - v.elements[8 + 3] = montgomery_multiply_fe_by_fer(a_minus_b, zeta2); - - let a_minus_b = v.elements[8 + 6] - v.elements[8 + 4]; - v.elements[8 + 4] = barrett_reduce_element(v.elements[8 + 4] + v.elements[8 + 6]); - v.elements[8 + 6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta3); - - let a_minus_b = v.elements[8 + 7] - v.elements[8 + 5]; - v.elements[8 + 5] = barrett_reduce_element(v.elements[8 + 5] + v.elements[8 + 7]); - v.elements[8 + 7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta3); - - v -} - -#[inline(always)] -fn inv_ntt_layer_2_step(mut v: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { - // First 8 elements. - let a_minus_b = v.elements[4] - v.elements[0]; - v.elements[0] = v.elements[0] + v.elements[4]; - v.elements[4] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - - let a_minus_b = v.elements[5] - v.elements[1]; - v.elements[1] = v.elements[1] + v.elements[5]; - v.elements[5] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - - let a_minus_b = v.elements[6] - v.elements[2]; - v.elements[2] = v.elements[2] + v.elements[6]; - v.elements[6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - - let a_minus_b = v.elements[7] - v.elements[3]; - v.elements[3] = v.elements[3] + v.elements[7]; - v.elements[7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); - - // Next 8 elements. 
- let a_minus_b = v.elements[8 + 4] - v.elements[8 + 0]; - v.elements[8 + 0] = v.elements[8 + 0] + v.elements[8 + 4]; - v.elements[8 + 4] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); - - let a_minus_b = v.elements[8 + 5] - v.elements[8 + 1]; - v.elements[8 + 1] = v.elements[8 + 1] + v.elements[8 + 5]; - v.elements[8 + 5] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); - - let a_minus_b = v.elements[8 + 6] - v.elements[8 + 2]; - v.elements[8 + 2] = v.elements[8 + 2] + v.elements[8 + 6]; - v.elements[8 + 6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); - - let a_minus_b = v.elements[8 + 7] - v.elements[8 + 3]; - v.elements[8 + 3] = v.elements[8 + 3] + v.elements[8 + 7]; - v.elements[8 + 7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); - - v -} - -#[inline(always)] -fn inv_ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { - let a_minus_b = v.elements[8] - v.elements[0]; - v.elements[0] = v.elements[0] + v.elements[8]; - v.elements[8] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - let a_minus_b = v.elements[9] - v.elements[1]; - v.elements[1] = v.elements[1] + v.elements[9]; - v.elements[9] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - let a_minus_b = v.elements[10] - v.elements[2]; - v.elements[2] = v.elements[2] + v.elements[10]; - v.elements[10] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - let a_minus_b = v.elements[11] - v.elements[3]; - v.elements[3] = v.elements[3] + v.elements[11]; - v.elements[11] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - let a_minus_b = v.elements[12] - v.elements[4]; - v.elements[4] = v.elements[4] + v.elements[12]; - v.elements[12] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - let a_minus_b = v.elements[13] - v.elements[5]; - v.elements[5] = v.elements[5] + v.elements[13]; - v.elements[13] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - let a_minus_b = v.elements[14] - v.elements[6]; - v.elements[6] = v.elements[6] + v.elements[14]; - v.elements[14] = 
montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - let a_minus_b = v.elements[15] - v.elements[7]; - v.elements[7] = v.elements[7] + v.elements[15]; - v.elements[15] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); - - v -} - -/// Compute the product of two Kyber binomials with respect to the -/// modulus `X² - zeta`. -/// -/// This function almost implements Algorithm 11 of the -/// NIST FIPS 203 standard, which is reproduced below: -/// -/// ```plaintext -/// Input: a₀, a₁, b₀, b₁ ∈ ℤq. -/// Input: γ ∈ ℤq. -/// Output: c₀, c₁ ∈ ℤq. -/// -/// c₀ ← a₀·b₀ + a₁·b₁·γ -/// c₁ ← a₀·b₁ + a₁·b₀ -/// return c₀, c₁ -/// ``` -/// We say "almost" because the coefficients output by this function are in -/// the Montgomery domain (unlike in the specification). -/// -/// The NIST FIPS 203 standard can be found at -/// . -#[inline(always)] -pub(crate) fn ntt_multiply_binomials( - (a0, a1): (FieldElement, FieldElement), - (b0, b1): (FieldElement, FieldElement), - zeta: FieldElementTimesMontgomeryR, -) -> (MontgomeryFieldElement, MontgomeryFieldElement) { - ( - montgomery_reduce_element( - (a0 as i32) * (b0 as i32) - + (montgomery_reduce_element((a1 as i32) * (b1 as i32)) as i32) * (zeta as i32), - ), - montgomery_reduce_element((a0 as i32) * (b1 as i32) + (a1 as i32) * (b0 as i32)), - ) -} - -#[inline(always)] -fn ntt_multiply( - lhs: &PortableVector, - rhs: &PortableVector, - zeta0: i16, - zeta1: i16, - zeta2: i16, - zeta3: i16, -) -> PortableVector { - let mut out = zero(); - - // First 8 elements. 
- let product = ntt_multiply_binomials( - (lhs.elements[0], lhs.elements[1]), - (rhs.elements[0], rhs.elements[1]), - zeta0, - ); - out.elements[0] = product.0; - out.elements[1] = product.1; - - let product = ntt_multiply_binomials( - (lhs.elements[2], lhs.elements[3]), - (rhs.elements[2], rhs.elements[3]), - -zeta0, - ); - out.elements[2] = product.0; - out.elements[3] = product.1; - - let product = ntt_multiply_binomials( - (lhs.elements[4], lhs.elements[5]), - (rhs.elements[4], rhs.elements[5]), - zeta1, - ); - out.elements[4] = product.0; - out.elements[5] = product.1; - - let product = ntt_multiply_binomials( - (lhs.elements[6], lhs.elements[7]), - (rhs.elements[6], rhs.elements[7]), - -zeta1, - ); - out.elements[6] = product.0; - out.elements[7] = product.1; - - // Next 8 elements. - let product = ntt_multiply_binomials( - (lhs.elements[8 + 0], lhs.elements[8 + 1]), - (rhs.elements[8 + 0], rhs.elements[8 + 1]), - zeta2, - ); - out.elements[8 + 0] = product.0; - out.elements[8 + 1] = product.1; - - let product = ntt_multiply_binomials( - (lhs.elements[8 + 2], lhs.elements[8 + 3]), - (rhs.elements[8 + 2], rhs.elements[8 + 3]), - -zeta2, - ); - out.elements[8 + 2] = product.0; - out.elements[8 + 3] = product.1; - - let product = ntt_multiply_binomials( - (lhs.elements[8 + 4], lhs.elements[8 + 5]), - (rhs.elements[8 + 4], rhs.elements[8 + 5]), - zeta3, - ); - out.elements[8 + 4] = product.0; - out.elements[8 + 5] = product.1; - - let product = ntt_multiply_binomials( - (lhs.elements[8 + 6], lhs.elements[8 + 7]), - (rhs.elements[8 + 6], rhs.elements[8 + 7]), - -zeta3, - ); - out.elements[8 + 6] = product.0; - out.elements[8 + 7] = product.1; - - out -} - -#[inline(always)] -fn serialize_1(v: PortableVector) -> [u8; 2] { - let mut result = [0u8; 2]; - - for i in 0..8 { - result[0] |= (v.elements[i] as u8) << i; - } - - for i in 8..16 { - result[1] |= (v.elements[i] as u8) << (i - 8); - } - - result -} - -#[inline(always)] -fn deserialize_1(v: &[u8]) -> 
PortableVector { - let mut result = zero(); - - for i in 0..8 { - result.elements[i] = ((v[0] >> i) & 0x1) as i16; - } - for i in 8..FIELD_ELEMENTS_IN_VECTOR { - result.elements[i] = ((v[1] >> (i - 8)) & 0x1) as i16; - } - - result -} - -#[inline(always)] -fn serialize_4(v: PortableVector) -> [u8; 8] { - let mut result = [0u8; 8]; - - result[0] = ((v.elements[1] as u8) << 4) | (v.elements[0] as u8); - result[1] = ((v.elements[3] as u8) << 4) | (v.elements[2] as u8); - result[2] = ((v.elements[5] as u8) << 4) | (v.elements[4] as u8); - result[3] = ((v.elements[7] as u8) << 4) | (v.elements[6] as u8); - - result[4] = ((v.elements[8 + 1] as u8) << 4) | (v.elements[8 + 0] as u8); - result[5] = ((v.elements[8 + 3] as u8) << 4) | (v.elements[8 + 2] as u8); - result[6] = ((v.elements[8 + 5] as u8) << 4) | (v.elements[8 + 4] as u8); - result[7] = ((v.elements[8 + 7] as u8) << 4) | (v.elements[8 + 6] as u8); - - result -} - -#[inline(always)] -fn deserialize_4(bytes: &[u8]) -> PortableVector { - let mut v = zero(); - - v.elements[0] = (bytes[0] & 0x0F) as i16; - v.elements[1] = ((bytes[0] >> 4) & 0x0F) as i16; - v.elements[2] = (bytes[1] & 0x0F) as i16; - v.elements[3] = ((bytes[1] >> 4) & 0x0F) as i16; - v.elements[4] = (bytes[2] & 0x0F) as i16; - v.elements[5] = ((bytes[2] >> 4) & 0x0F) as i16; - v.elements[6] = (bytes[3] & 0x0F) as i16; - v.elements[7] = ((bytes[3] >> 4) & 0x0F) as i16; - - v.elements[8] = (bytes[4] & 0x0F) as i16; - v.elements[9] = ((bytes[4] >> 4) & 0x0F) as i16; - v.elements[10] = (bytes[5] & 0x0F) as i16; - v.elements[11] = ((bytes[5] >> 4) & 0x0F) as i16; - v.elements[12] = (bytes[6] & 0x0F) as i16; - v.elements[13] = ((bytes[6] >> 4) & 0x0F) as i16; - v.elements[14] = (bytes[7] & 0x0F) as i16; - v.elements[15] = ((bytes[7] >> 4) & 0x0F) as i16; - - v -} - -#[inline(always)] -fn serialize_5(v: PortableVector) -> [u8; 10] { - let mut result = [0u8; 10]; - - result[0] = ((v.elements[1] & 0x7) << 5 | v.elements[0]) as u8; - result[1] = (((v.elements[3] 
& 1) << 7) | (v.elements[2] << 2) | (v.elements[1] >> 3)) as u8; - result[2] = (((v.elements[4] & 0xF) << 4) | (v.elements[3] >> 1)) as u8; - result[3] = (((v.elements[6] & 0x3) << 6) | (v.elements[5] << 1) | (v.elements[4] >> 4)) as u8; - result[4] = ((v.elements[7] << 3) | (v.elements[6] >> 2)) as u8; - - result[5] = ((v.elements[8 + 1] & 0x7) << 5 | v.elements[8 + 0]) as u8; - result[6] = (((v.elements[8 + 3] & 1) << 7) - | (v.elements[8 + 2] << 2) - | (v.elements[8 + 1] >> 3)) as u8; - result[7] = (((v.elements[8 + 4] & 0xF) << 4) | (v.elements[8 + 3] >> 1)) as u8; - result[8] = (((v.elements[8 + 6] & 0x3) << 6) - | (v.elements[8 + 5] << 1) - | (v.elements[8 + 4] >> 4)) as u8; - result[9] = ((v.elements[8 + 7] << 3) | (v.elements[8 + 6] >> 2)) as u8; - - result -} - -#[inline(always)] -fn deserialize_5(bytes: &[u8]) -> PortableVector { - let mut v = zero(); - - v.elements[0] = (bytes[0] & 0x1F) as i16; - v.elements[1] = ((bytes[1] & 0x3) << 3 | (bytes[0] >> 5)) as i16; - v.elements[2] = ((bytes[1] >> 2) & 0x1F) as i16; - v.elements[3] = (((bytes[2] & 0xF) << 1) | (bytes[1] >> 7)) as i16; - v.elements[4] = (((bytes[3] & 1) << 4) | (bytes[2] >> 4)) as i16; - v.elements[5] = ((bytes[3] >> 1) & 0x1F) as i16; - v.elements[6] = (((bytes[4] & 0x7) << 2) | (bytes[3] >> 6)) as i16; - v.elements[7] = (bytes[4] >> 3) as i16; - - v.elements[8] = (bytes[5 + 0] & 0x1F) as i16; - v.elements[9] = ((bytes[5 + 1] & 0x3) << 3 | (bytes[5 + 0] >> 5)) as i16; - v.elements[10] = ((bytes[5 + 1] >> 2) & 0x1F) as i16; - v.elements[11] = (((bytes[5 + 2] & 0xF) << 1) | (bytes[5 + 1] >> 7)) as i16; - v.elements[12] = (((bytes[5 + 3] & 1) << 4) | (bytes[5 + 2] >> 4)) as i16; - v.elements[13] = ((bytes[5 + 3] >> 1) & 0x1F) as i16; - v.elements[14] = (((bytes[5 + 4] & 0x7) << 2) | (bytes[5 + 3] >> 6)) as i16; - v.elements[15] = (bytes[5 + 4] >> 3) as i16; - - v -} - -#[inline(always)] -fn serialize_10(v: PortableVector) -> [u8; 20] { - let mut result = [0u8; 20]; - - result[0] = 
(v.elements[0] & 0xFF) as u8; - result[1] = ((v.elements[1] & 0x3F) as u8) << 2 | ((v.elements[0] >> 8) & 0x03) as u8; - result[2] = ((v.elements[2] & 0x0F) as u8) << 4 | ((v.elements[1] >> 6) & 0x0F) as u8; - result[3] = ((v.elements[3] & 0x03) as u8) << 6 | ((v.elements[2] >> 4) & 0x3F) as u8; - result[4] = ((v.elements[3] >> 2) & 0xFF) as u8; - result[5] = (v.elements[4] & 0xFF) as u8; - result[6] = ((v.elements[5] & 0x3F) as u8) << 2 | ((v.elements[4] >> 8) & 0x03) as u8; - result[7] = ((v.elements[6] & 0x0F) as u8) << 4 | ((v.elements[5] >> 6) & 0x0F) as u8; - result[8] = ((v.elements[7] & 0x03) as u8) << 6 | ((v.elements[6] >> 4) & 0x3F) as u8; - result[9] = ((v.elements[7] >> 2) & 0xFF) as u8; - - result[10] = (v.elements[8 + 0] & 0xFF) as u8; - result[11] = ((v.elements[8 + 1] & 0x3F) as u8) << 2 | ((v.elements[8 + 0] >> 8) & 0x03) as u8; - result[12] = ((v.elements[8 + 2] & 0x0F) as u8) << 4 | ((v.elements[8 + 1] >> 6) & 0x0F) as u8; - result[13] = ((v.elements[8 + 3] & 0x03) as u8) << 6 | ((v.elements[8 + 2] >> 4) & 0x3F) as u8; - result[14] = ((v.elements[8 + 3] >> 2) & 0xFF) as u8; - result[15] = (v.elements[8 + 4] & 0xFF) as u8; - result[16] = ((v.elements[8 + 5] & 0x3F) as u8) << 2 | ((v.elements[8 + 4] >> 8) & 0x03) as u8; - result[17] = ((v.elements[8 + 6] & 0x0F) as u8) << 4 | ((v.elements[8 + 5] >> 6) & 0x0F) as u8; - result[18] = ((v.elements[8 + 7] & 0x03) as u8) << 6 | ((v.elements[8 + 6] >> 4) & 0x3F) as u8; - result[19] = ((v.elements[8 + 7] >> 2) & 0xFF) as u8; - - result -} - -#[inline(always)] -fn deserialize_10(bytes: &[u8]) -> PortableVector { - let mut result = zero(); - - result.elements[0] = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; - result.elements[1] = ((bytes[2] as i16 & 0x0F) << 6 | (bytes[1] as i16 >> 2)) as i16; - result.elements[2] = ((bytes[3] as i16 & 0x3F) << 4 | (bytes[2] as i16 >> 4)) as i16; - result.elements[3] = (((bytes[4] as i16) << 2) | (bytes[3] as i16 >> 6)) as i16; - result.elements[4] = 
((bytes[6] as i16 & 0x03) << 8 | (bytes[5] as i16 & 0xFF)) as i16; - result.elements[5] = ((bytes[7] as i16 & 0x0F) << 6 | (bytes[6] as i16 >> 2)) as i16; - result.elements[6] = ((bytes[8] as i16 & 0x3F) << 4 | (bytes[7] as i16 >> 4)) as i16; - result.elements[7] = (((bytes[9] as i16) << 2) | (bytes[8] as i16 >> 6)) as i16; - - result.elements[8] = - ((bytes[10 + 1] as i16 & 0x03) << 8 | (bytes[10 + 0] as i16 & 0xFF)) as i16; - result.elements[9] = ((bytes[10 + 2] as i16 & 0x0F) << 6 | (bytes[10 + 1] as i16 >> 2)) as i16; - result.elements[10] = ((bytes[10 + 3] as i16 & 0x3F) << 4 | (bytes[10 + 2] as i16 >> 4)) as i16; - result.elements[11] = (((bytes[10 + 4] as i16) << 2) | (bytes[10 + 3] as i16 >> 6)) as i16; - result.elements[12] = - ((bytes[10 + 6] as i16 & 0x03) << 8 | (bytes[10 + 5] as i16 & 0xFF)) as i16; - result.elements[13] = ((bytes[10 + 7] as i16 & 0x0F) << 6 | (bytes[10 + 6] as i16 >> 2)) as i16; - result.elements[14] = ((bytes[10 + 8] as i16 & 0x3F) << 4 | (bytes[10 + 7] as i16 >> 4)) as i16; - result.elements[15] = (((bytes[10 + 9] as i16) << 2) | (bytes[10 + 8] as i16 >> 6)) as i16; - - result -} - -#[inline(always)] -fn serialize_11(v: PortableVector) -> [u8; 22] { - let mut result = [0u8; 22]; - - result[0] = v.elements[0] as u8; - result[1] = ((v.elements[1] & 0x1F) as u8) << 3 | ((v.elements[0] >> 8) as u8); - result[2] = ((v.elements[2] & 0x3) as u8) << 6 | ((v.elements[1] >> 5) as u8); - result[3] = ((v.elements[2] >> 2) & 0xFF) as u8; - result[4] = ((v.elements[3] & 0x7F) as u8) << 1 | (v.elements[2] >> 10) as u8; - result[5] = ((v.elements[4] & 0xF) as u8) << 4 | (v.elements[3] >> 7) as u8; - result[6] = ((v.elements[5] & 0x1) as u8) << 7 | (v.elements[4] >> 4) as u8; - result[7] = ((v.elements[5] >> 1) & 0xFF) as u8; - result[8] = ((v.elements[6] & 0x3F) as u8) << 2 | (v.elements[5] >> 9) as u8; - result[9] = ((v.elements[7] & 0x7) as u8) << 5 | (v.elements[6] >> 6) as u8; - result[10] = (v.elements[7] >> 3) as u8; - - result[11] = 
v.elements[8 + 0] as u8; - result[12] = ((v.elements[8 + 1] & 0x1F) as u8) << 3 | ((v.elements[8 + 0] >> 8) as u8); - result[13] = ((v.elements[8 + 2] & 0x3) as u8) << 6 | ((v.elements[8 + 1] >> 5) as u8); - result[14] = ((v.elements[8 + 2] >> 2) & 0xFF) as u8; - result[15] = ((v.elements[8 + 3] & 0x7F) as u8) << 1 | (v.elements[8 + 2] >> 10) as u8; - result[16] = ((v.elements[8 + 4] & 0xF) as u8) << 4 | (v.elements[8 + 3] >> 7) as u8; - result[17] = ((v.elements[8 + 5] & 0x1) as u8) << 7 | (v.elements[8 + 4] >> 4) as u8; - result[18] = ((v.elements[8 + 5] >> 1) & 0xFF) as u8; - result[19] = ((v.elements[8 + 6] & 0x3F) as u8) << 2 | (v.elements[8 + 5] >> 9) as u8; - result[20] = ((v.elements[8 + 7] & 0x7) as u8) << 5 | (v.elements[8 + 6] >> 6) as u8; - result[21] = (v.elements[8 + 7] >> 3) as u8; - - result -} - -#[inline(always)] -fn deserialize_11(bytes: &[u8]) -> PortableVector { - let mut result = zero(); - - result.elements[0] = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; - result.elements[1] = ((bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3)) as i16; - result.elements[2] = ((bytes[4] as i16 & 0x1) << 10 - | ((bytes[3] as i16) << 2) - | ((bytes[2] as i16) >> 6)) as i16; - result.elements[3] = ((bytes[5] as i16 & 0xF) << 7 | (bytes[4] as i16 >> 1)) as i16; - result.elements[4] = ((bytes[6] as i16 & 0x7F) << 4 | (bytes[5] as i16 >> 4)) as i16; - result.elements[5] = - ((bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7)) as i16; - result.elements[6] = ((bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2)) as i16; - result.elements[7] = (((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5)) as i16; - - result.elements[8] = ((bytes[11 + 1] as i16 & 0x7) << 8 | bytes[11 + 0] as i16) as i16; - result.elements[9] = ((bytes[11 + 2] as i16 & 0x3F) << 5 | (bytes[11 + 1] as i16 >> 3)) as i16; - result.elements[10] = ((bytes[11 + 4] as i16 & 0x1) << 10 - | ((bytes[11 + 3] as i16) << 2) - | ((bytes[11 + 2] as i16) >> 6)) 
as i16; - result.elements[11] = ((bytes[11 + 5] as i16 & 0xF) << 7 | (bytes[11 + 4] as i16 >> 1)) as i16; - result.elements[12] = ((bytes[11 + 6] as i16 & 0x7F) << 4 | (bytes[11 + 5] as i16 >> 4)) as i16; - result.elements[13] = ((bytes[11 + 8] as i16 & 0x3) << 9 - | ((bytes[11 + 7] as i16) << 1) - | ((bytes[11 + 6] as i16) >> 7)) as i16; - result.elements[14] = ((bytes[11 + 9] as i16 & 0x1F) << 6 | (bytes[11 + 8] as i16 >> 2)) as i16; - result.elements[15] = (((bytes[11 + 10] as i16) << 3) | (bytes[11 + 9] as i16 >> 5)) as i16; - - result -} - -#[inline(always)] -fn serialize_12(v: PortableVector) -> [u8; 24] { - let mut result = [0u8; 24]; - - result[0] = (v.elements[0] & 0xFF) as u8; - result[1] = ((v.elements[0] >> 8) | ((v.elements[1] & 0x0F) << 4)) as u8; - result[2] = ((v.elements[1] >> 4) & 0xFF) as u8; - result[3] = (v.elements[2] & 0xFF) as u8; - result[4] = ((v.elements[2] >> 8) | ((v.elements[3] & 0x0F) << 4)) as u8; - result[5] = ((v.elements[3] >> 4) & 0xFF) as u8; - result[6] = (v.elements[4] & 0xFF) as u8; - result[7] = ((v.elements[4] >> 8) | ((v.elements[5] & 0x0F) << 4)) as u8; - result[8] = ((v.elements[5] >> 4) & 0xFF) as u8; - result[9] = (v.elements[6] & 0xFF) as u8; - result[10] = ((v.elements[6] >> 8) | ((v.elements[7] & 0x0F) << 4)) as u8; - result[11] = ((v.elements[7] >> 4) & 0xFF) as u8; - - result[12] = (v.elements[8 + 0] & 0xFF) as u8; - result[13] = ((v.elements[8 + 0] >> 8) | ((v.elements[8 + 1] & 0x0F) << 4)) as u8; - result[14] = ((v.elements[8 + 1] >> 4) & 0xFF) as u8; - result[15] = (v.elements[8 + 2] & 0xFF) as u8; - result[16] = ((v.elements[8 + 2] >> 8) | ((v.elements[8 + 3] & 0x0F) << 4)) as u8; - result[17] = ((v.elements[8 + 3] >> 4) & 0xFF) as u8; - result[18] = (v.elements[8 + 4] & 0xFF) as u8; - result[19] = ((v.elements[8 + 4] >> 8) | ((v.elements[8 + 5] & 0x0F) << 4)) as u8; - result[20] = ((v.elements[8 + 5] >> 4) & 0xFF) as u8; - result[21] = (v.elements[8 + 6] & 0xFF) as u8; - result[22] = ((v.elements[8 + 6] >> 8) 
| ((v.elements[8 + 7] & 0x0F) << 4)) as u8; - result[23] = ((v.elements[8 + 7] >> 4) & 0xFF) as u8; - - result -} - -#[inline(always)] -fn deserialize_12(bytes: &[u8]) -> PortableVector { - let mut re = zero(); - - let byte0 = bytes[0] as i16; - let byte1 = bytes[1] as i16; - let byte2 = bytes[2] as i16; - let byte3 = bytes[3] as i16; - let byte4 = bytes[4] as i16; - let byte5 = bytes[5] as i16; - let byte6 = bytes[6] as i16; - let byte7 = bytes[7] as i16; - let byte8 = bytes[8] as i16; - let byte9 = bytes[9] as i16; - let byte10 = bytes[10] as i16; - let byte11 = bytes[11] as i16; - - re.elements[0] = (byte1 & 0x0F) << 8 | (byte0 & 0xFF); - re.elements[1] = (byte2 << 4) | ((byte1 >> 4) & 0x0F); - re.elements[2] = (byte4 & 0x0F) << 8 | (byte3 & 0xFF); - re.elements[3] = (byte5 << 4) | ((byte4 >> 4) & 0x0F); - re.elements[4] = (byte7 & 0x0F) << 8 | (byte6 & 0xFF); - re.elements[5] = (byte8 << 4) | ((byte7 >> 4) & 0x0F); - re.elements[6] = (byte10 & 0x0F) << 8 | (byte9 & 0xFF); - re.elements[7] = (byte11 << 4) | ((byte10 >> 4) & 0x0F); - - let byte12 = bytes[12] as i16; - let byte13 = bytes[13] as i16; - let byte14 = bytes[14] as i16; - let byte15 = bytes[15] as i16; - let byte16 = bytes[16] as i16; - let byte17 = bytes[17] as i16; - let byte18 = bytes[18] as i16; - let byte19 = bytes[19] as i16; - let byte20 = bytes[20] as i16; - let byte21 = bytes[21] as i16; - let byte22 = bytes[22] as i16; - let byte23 = bytes[23] as i16; - - re.elements[8] = (byte13 & 0x0F) << 8 | (byte12 & 0xFF); - re.elements[9] = (byte14 << 4) | ((byte13 >> 4) & 0x0F); - re.elements[10] = (byte16 & 0x0F) << 8 | (byte15 & 0xFF); - re.elements[11] = (byte17 << 4) | ((byte16 >> 4) & 0x0F); - re.elements[12] = (byte19 & 0x0F) << 8 | (byte18 & 0xFF); - re.elements[13] = (byte20 << 4) | ((byte19 >> 4) & 0x0F); - re.elements[14] = (byte22 & 0x0F) << 8 | (byte21 & 0xFF); - re.elements[15] = (byte23 << 4) | ((byte22 >> 4) & 0x0F); - - re -} - -#[inline(always)] -fn rej_sample(a: &[u8], result: &mut 
[i16]) -> usize { - let mut sampled = 0; - for bytes in a.chunks(3) { - let b1 = bytes[0] as i16; - let b2 = bytes[1] as i16; - let b3 = bytes[2] as i16; - - let d1 = ((b2 & 0xF) << 8) | b1; - let d2 = (b3 << 4) | (b2 >> 4); - - if d1 < FIELD_MODULUS && sampled < 16 { - result[sampled] = d1; - sampled += 1 - } - if d2 < FIELD_MODULUS && sampled < 16 { - result[sampled] = d2; - sampled += 1 - } - } - sampled -} - -impl Operations for PortableVector { - fn ZERO() -> Self { - zero() - } - - fn from_i16_array(array: &[i16]) -> Self { - from_i16_array(array) - } - - fn add(lhs: Self, rhs: &Self) -> Self { - add(lhs, rhs) - } - - fn sub(lhs: Self, rhs: &Self) -> Self { - sub(lhs, rhs) - } - - fn multiply_by_constant(v: Self, c: i16) -> Self { - multiply_by_constant(v, c) - } - - fn bitwise_and_with_constant(v: Self, c: i16) -> Self { - bitwise_and_with_constant(v, c) - } - - fn shift_right(v: Self) -> Self { - shift_right::<{ SHIFT_BY }>(v) - } - - fn cond_subtract_3329(v: Self) -> Self { - cond_subtract_3329(v) - } - - fn barrett_reduce(v: Self) -> Self { - barrett_reduce(v) - } - - fn montgomery_multiply_by_constant(v: Self, r: i16) -> Self { - montgomery_multiply_by_constant(v, r) - } - - fn compress_1(v: Self) -> Self { - compress_1(v) - } - - fn compress(v: Self) -> Self { - compress::(v) - } - - fn decompress_ciphertext_coefficient(v: Self) -> Self { - decompress_ciphertext_coefficient::(v) - } - - fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { - ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) - } - - fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { - ntt_layer_2_step(a, zeta0, zeta1) - } - - fn ntt_layer_3_step(a: Self, zeta: i16) -> Self { - ntt_layer_3_step(a, zeta) - } - - fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { - inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) - } - - fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { - 
inv_ntt_layer_2_step(a, zeta0, zeta1) - } - - fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self { - inv_ntt_layer_3_step(a, zeta) - } - - fn ntt_multiply( - lhs: &Self, - rhs: &Self, - zeta0: i16, - zeta1: i16, - zeta2: i16, - zeta3: i16, - ) -> Self { - ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3) - } - - fn serialize_1(a: Self) -> [u8; 2] { - serialize_1(a) - } - - fn deserialize_1(a: &[u8]) -> Self { - deserialize_1(a) - } - - fn serialize_4(a: Self) -> [u8; 8] { - serialize_4(a) - } - - fn deserialize_4(a: &[u8]) -> Self { - deserialize_4(a) - } - - fn serialize_5(a: Self) -> [u8; 10] { - serialize_5(a) - } - - fn deserialize_5(a: &[u8]) -> Self { - deserialize_5(a) - } - - fn serialize_10(a: Self) -> [u8; 20] { - serialize_10(a) - } - - fn deserialize_10(a: &[u8]) -> Self { - deserialize_10(a) - } - - fn serialize_11(a: Self) -> [u8; 22] { - serialize_11(a) - } - - fn deserialize_11(a: &[u8]) -> Self { - deserialize_11(a) - } - - fn serialize_12(a: Self) -> [u8; 24] { - serialize_12(a) - } - - fn deserialize_12(a: &[u8]) -> Self { - deserialize_12(a) - } - - fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { - rej_sample(a, out) - } -} diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 758f2e8d4..29e623d15 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -2,7 +2,7 @@ use super::{Operations, FIELD_MODULUS}; -// mod rejsample; +// mod sampling; mod vector_type; mod arithmetic; mod compress; @@ -16,9 +16,6 @@ use compress::*; use ntt::*; use serialize::*; -// This is an empty shell, calling into standalone functions in `simd128ops`. -// This is due to limitations in F* and hax to deal with large trait implementations -// See hacspec/hax#638 for more details. impl Operations for SIMD128Vector { #[inline(always)] fn ZERO() -> Self { diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs new file mode 100644 index 000000000..d7a61e923 
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -0,0 +1,158 @@
+use super::Operations;
+
+mod vector_type;
+mod arithmetic;
+mod compress;
+mod ntt;
+mod serialize;
+mod sampling;
+
+use vector_type::*;
+use arithmetic::*;
+use compress::*;
+use ntt::*;
+use serialize::*;
+use sampling::*;
+
+pub(crate) use vector_type::PortableVector;
+
+impl Operations for PortableVector {
+ fn ZERO() -> Self {
+ zero()
+ }
+
+ fn from_i16_array(array: &[i16]) -> Self {
+ from_i16_array(array)
+ }
+
+ fn add(lhs: Self, rhs: &Self) -> Self {
+ add(lhs, rhs)
+ }
+
+ fn sub(lhs: Self, rhs: &Self) -> Self {
+ sub(lhs, rhs)
+ }
+
+ fn multiply_by_constant(v: Self, c: i16) -> Self {
+ multiply_by_constant(v, c)
+ }
+
+ fn bitwise_and_with_constant(v: Self, c: i16) -> Self {
+ bitwise_and_with_constant(v, c)
+ }
+
+ fn shift_right(v: Self) -> Self {
+ shift_right::<{ SHIFT_BY }>(v)
+ }
+
+ fn cond_subtract_3329(v: Self) -> Self {
+ cond_subtract_3329(v)
+ }
+
+ fn barrett_reduce(v: Self) -> Self {
+ barrett_reduce(v)
+ }
+
+ fn montgomery_multiply_by_constant(v: Self, r: i16) -> Self {
+ montgomery_multiply_by_constant(v, r)
+ }
+
+ fn compress_1(v: Self) -> Self {
+ compress_1(v)
+ }
+
+ fn compress(v: Self) -> Self {
+ compress::(v)
+ }
+
+ fn decompress_ciphertext_coefficient(v: Self) -> Self {
+ decompress_ciphertext_coefficient::(v)
+ }
+
+ fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
+ ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3)
+ }
+
+ fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self {
+ ntt_layer_2_step(a, zeta0, zeta1)
+ }
+
+ fn ntt_layer_3_step(a: Self, zeta: i16) -> Self {
+ ntt_layer_3_step(a, zeta)
+ }
+
+ fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self {
+ inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3)
+ }
+
+ fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self {
+ inv_ntt_layer_2_step(a, zeta0, zeta1)
+ }
+
+ fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self {
+ inv_ntt_layer_3_step(a, zeta)
+ }
+
+ fn ntt_multiply(
+ lhs: &Self,
+ rhs: &Self,
+ zeta0: i16,
+ zeta1: i16,
+ zeta2: i16,
+ zeta3: i16,
+ ) -> Self {
+ ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3)
+ }
+
+ fn serialize_1(a: Self) -> [u8; 2] {
+ serialize_1(a)
+ }
+
+ fn deserialize_1(a: &[u8]) -> Self {
+ deserialize_1(a)
+ }
+
+ fn serialize_4(a: Self) -> [u8; 8] {
+ serialize_4(a)
+ }
+
+ fn deserialize_4(a: &[u8]) -> Self {
+ deserialize_4(a)
+ }
+
+ fn serialize_5(a: Self) -> [u8; 10] {
+ serialize_5(a)
+ }
+
+ fn deserialize_5(a: &[u8]) -> Self {
+ deserialize_5(a)
+ }
+
+ fn serialize_10(a: Self) -> [u8; 20] {
+ serialize_10(a)
+ }
+
+ fn deserialize_10(a: &[u8]) -> Self {
+ deserialize_10(a)
+ }
+
+ fn serialize_11(a: Self) -> [u8; 22] {
+ serialize_11(a)
+ }
+
+ fn deserialize_11(a: &[u8]) -> Self {
+ deserialize_11(a)
+ }
+
+ fn serialize_12(a: Self) -> [u8; 24] {
+ serialize_12(a)
+ }
+
+ fn deserialize_12(a: &[u8]) -> Self {
+ deserialize_12(a)
+ }
+
+ fn rej_sample(a: &[u8], out: &mut [i16]) -> usize {
+ rej_sample(a, out)
+ }
+}
diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
new file mode 100644
index 000000000..0f2a7dca7
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs
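Review bot: The slice-taking wrappers in this impl (`from_i16_array`, `deserialize_1` through `deserialize_12`, `rej_sample`) forward `&[u8]`/`&[i16]` without stating or checking a length, so a short slice only shows up as an index panic inside the callee. The portable implementations deleted earlier in this patch index fixed offsets (`deserialize_12` reads up to `bytes[23]`, `rej_sample` reads `bytes[2]` of every `chunks(3)` chunk); the new `serialize` and `sampling` modules are not visible in this hunk, so presumably the same holds there. I would document the precondition on each wrapper, e.g. `/// Panics if a.len() < 24.` on `deserialize_12`, or add `debug_assert!(a.len() >= 24);` before forwarding. Separately, none of these wrappers carries `#[inline(always)]`, while `impl Operations for SIMD128Vector` in neon.rs has it at least on `ZERO`.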
@@ -0,0 +1,194 @@
+use crate::vector::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R,
+ traits::FIELD_ELEMENTS_IN_VECTOR};
+use super::vector_type::*;
+
+/// If 'x' denotes a value of type `fe`, values having this type hold a
+/// representative y ≡ x·MONTGOMERY_R^(-1) (mod FIELD_MODULUS).
+/// We use 'mfe' as a shorthand for this type
+pub type MontgomeryFieldElement = i16;
+
+/// If 'x' denotes a value of type `fe`, values having this type hold a
+/// representative y ≡ x·MONTGOMERY_R (mod FIELD_MODULUS).
+/// We use 'fer' as a shorthand for this type.
+pub type FieldElementTimesMontgomeryR = i16;
+
+pub(crate) const MONTGOMERY_SHIFT: u8 = 16;
+pub(crate) const MONTGOMERY_R: i32 = 1 << MONTGOMERY_SHIFT;
+
+pub(crate) const BARRETT_SHIFT: i32 = 26;
+pub(crate) const BARRETT_R: i32 = 1 << BARRETT_SHIFT;
+/// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋
+pub(crate) const BARRETT_MULTIPLIER: i32 = 20159;
+
+#[cfg_attr(hax, hax_lib::requires(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT))]
+#[cfg_attr(hax, hax_lib::ensures(|result| result < 2u32.pow(n.into())))]
+#[inline(always)]
+pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 {
+ // hax_debug_assert!(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT);
+
+ value & ((1 << n) - 1)
+}
+
+#[inline(always)]
+pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ lhs.elements[i] += rhs.elements[i];
+ }
+
+ lhs
+}
+
+#[inline(always)]
+pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ lhs.elements[i] -= rhs.elements[i];
+ }
+
+ lhs
+}
+
+#[inline(always)]
+pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ v.elements[i] *= c;
+ }
+
+ v
+}
+
+#[inline(always)]
+pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ v.elements[i] &= c;
+ }
+
+ v
+}
+
+#[inline(always)]
+pub fn shift_right(mut v: PortableVector) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ v.elements[i] = v.elements[i] >> SHIFT_BY;
+ }
+
+ v
+}
+
+// #[inline(always)]
+// pub fn shift_left(mut lhs: PortableVector) -> PortableVector {
+// for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+// lhs.elements[i] = lhs.elements[i] << SHIFT_BY;
+// }
+
+// lhs
+// }
+
+#[inline(always)]
+pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ debug_assert!(v.elements[i] >= 0 && v.elements[i] < 4096);
+ if v.elements[i] >= 3329 {
+ v.elements[i] -= 3329
+ }
+ }
+ v
+}
+
+/// Signed Barrett Reduction
+///
+/// Given an input `value`, `barrett_reduce` outputs a representative `result`
+/// such that:
+///
+/// - result ≡ value (mod FIELD_MODULUS)
+/// - the absolute value of `result` is bound as follows:
+///
+/// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)
+///
+/// In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`.
+#[cfg_attr(hax, hax_lib::requires((i32::from(value) > -BARRETT_R && i32::from(value) < BARRETT_R)))]
+#[cfg_attr(hax, hax_lib::ensures(|result| result > -FIELD_MODULUS && result < FIELD_MODULUS))]
+pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement {
+ // hax_debug_assert!(
+ // i32::from(value) > -BARRETT_R && i32::from(value) < BARRETT_R,
+ // "value is {value}"
+ // );
+
+ let t = (i32::from(value) * BARRETT_MULTIPLIER) + (BARRETT_R >> 1);
+ let quotient = (t >> BARRETT_SHIFT) as i16;
+
+ let result = value - (quotient * FIELD_MODULUS);
+
+ // hax_debug_assert!(
+ // result > -FIELD_MODULUS && result < FIELD_MODULUS,
+ // "value is {value}"
+ // );
+
+ result
+}
+
+#[inline(always)]
+pub(crate) fn barrett_reduce(mut v: PortableVector) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ v.elements[i] = barrett_reduce_element(v.elements[i]);
+ }
+
+ v
+}
+
+/// Signed Montgomery Reduction
+///
+/// Given an input `value`, `montgomery_reduce` outputs a representative `o`
+/// such that:
+///
+/// - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS)
+/// - the absolute value of `o` is bound as follows:
+///
+/// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2)
+///
+/// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`.
+#[cfg_attr(hax, hax_lib::requires(value >= -(FIELD_MODULUS as i32) * MONTGOMERY_R && value <= (FIELD_MODULUS as i32) * MONTGOMERY_R))]
+#[cfg_attr(hax, hax_lib::ensures(|result| result >= -(3 * FIELD_MODULUS) / 2 && result <= (3 * FIELD_MODULUS) / 2))]
+pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement {
+ // This forces hax to extract code for MONTGOMERY_R before it extracts code
+ // for this function. The removal of this line is being tracked in:
+ // https://github.com/cryspen/libcrux/issues/134
+ let _ = MONTGOMERY_R;
+
+ //hax_debug_assert!(
+ // value >= -FIELD_MODULUS * MONTGOMERY_R && value <= FIELD_MODULUS * MONTGOMERY_R,
+ // "value is {value}"
+ //);
+
+ let k = (value as i16) as i32 * (INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32);
+ let k_times_modulus = (k as i16 as i32) * (FIELD_MODULUS as i32);
+
+ let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16;
+ let value_high = (value >> MONTGOMERY_SHIFT) as i16;
+
+ value_high - c
+}
+
+/// If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to
+/// `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to
+/// `x · y`, as follows:
+///
+/// `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)`
+///
+/// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative
+/// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`.
+#[inline(always)]
+pub(crate) fn montgomery_multiply_fe_by_fer(
+ fe: FieldElement,
+ fer: FieldElementTimesMontgomeryR,
+) -> FieldElement {
+ montgomery_reduce_element((fe as i32) * (fer as i32))
+}
+
+#[inline(always)]
+pub(crate) fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ v.elements[i] = montgomery_multiply_fe_by_fer(v.elements[i], c)
+ }
+ v
+}
+
diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs
new file mode 100644
index 000000000..4ca947c93
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/portable/compress.rs
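Review bot: `cond_subtract_3329` selects with `if v.elements[i] >= 3329 { v.elements[i] -= 3329 }`, a source-level branch on the coefficient value, while the comment in `compress_ciphertext_coefficient` (compress.rs, same patch) says coefficient handling has to be constant time. Whether the compiler lowers this to a conditional move is not guaranteed, so if any caller passes secret-dependent coefficients I would write the selection as a mask: `let d = v.elements[i] - 3329;` followed by `v.elements[i] = d + ((d >> 15) & 3329);`. For the input range the `debug_assert!` states (0 ≤ x < 4096) this yields the same values as the branch. The commented-out `shift_left` and the unbalanced backtick in the two `|result| ≤ …` doc lines could be cleaned up in the same pass.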
@@ -0,0 +1,127 @@
+use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR;
+use crate::vector::FIELD_MODULUS;
+use super::vector_type::*;
+use super::arithmetic::*;
+
+
+/// The `compress_*` functions implement the `Compress` function specified in the NIST FIPS
+/// 203 standard (Page 18, Expression 4.5), which is defined as:
+///
+/// ```plaintext
+/// Compress_d: ℤq -> ℤ_{2ᵈ}
+/// Compress_d(x) = ⌈(2ᵈ/q)·x⌋
+/// ```
+///
+/// Since `⌈x⌋ = ⌊x + 1/2⌋` we have:
+///
+/// ```plaintext
+/// Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋
+/// = ⌊(2^{d+1}·x + q) / 2q⌋
+/// ```
+///
+/// For further information about the function implementations, consult the
+/// `implementation_notes.pdf` document in this directory.
+///
+/// The NIST FIPS 203 standard can be found at
+/// .
+#[cfg_attr(hax, hax_lib::requires(fe < (FIELD_MODULUS as u16)))]
+#[cfg_attr(hax, hax_lib::ensures(|result|
+ hax_lib::implies(833 <= fe && fe <= 2596, || result == 1) &&
+ hax_lib::implies(!(833 <= fe && fe <= 2596), || result == 0)
+))]
+pub(crate) fn compress_message_coefficient(fe: u16) -> u8 {
+ // The approach used here is inspired by:
+ // https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150
+
+ // If 833 <= fe <= 2496,
+ // then -832 <= shifted <= 831
+ let shifted: i16 = 1664 - (fe as i16);
+
+ // If shifted < 0, then
+ // (shifted >> 15) ^ shifted = flip_bits(shifted) = -shifted - 1, and so
+ // if -832 <= shifted < 0 then 0 < shifted_positive <= 831
+ //
+ // If shifted >= 0 then
+ // (shifted >> 15) ^ shifted = shifted, and so
+ // if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831
+ let mask = shifted >> 15;
+ let shifted_to_positive = mask ^ shifted;
+
+ let shifted_positive_in_range = shifted_to_positive - 832;
+
+ // If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which means
+ // the most significant bit of shifted_positive_in_range will be 1.
+ ((shifted_positive_in_range >> 15) & 1) as u8
+}
+
+#[cfg_attr(hax,
+ hax_lib::requires(
+ (coefficient_bits == 4 ||
+ coefficient_bits == 5 ||
+ coefficient_bits == 10 ||
+ coefficient_bits == 11) &&
+ fe < (FIELD_MODULUS as u16)))]
+#[cfg_attr(hax,
+ hax_lib::ensures(
+ |result| result >= 0 && result < 2i16.pow(coefficient_bits as u32)))]
+pub(crate) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) -> FieldElement {
+ // hax_debug_assert!(
+ // coefficient_bits == 4
+ // || coefficient_bits == 5
+ // || coefficient_bits == 10
+ // || coefficient_bits == 11
+ // );
+ // hax_debug_assert!(fe <= (FIELD_MODULUS as u16));
+
+ // This has to be constant time due to:
+ // https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ
+ let mut compressed = (fe as u64) << coefficient_bits;
+ compressed += 1664 as u64;
+
+ compressed *= 10_321_340;
+ compressed >>= 35;
+
+ get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement
+}
+
+
+
+#[inline(always)]
+pub(crate) fn compress_1(mut v: PortableVector) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ v.elements[i] = compress_message_coefficient(v.elements[i] as u16) as i16;
+ }
+
+ v
+}
+
+#[inline(always)]
+pub(crate) fn compress(mut v: PortableVector) -> PortableVector {
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ v.elements[i] =
+ compress_ciphertext_coefficient(COEFFICIENT_BITS as u8, v.elements[i] as u16) as i16;
+ }
+ v
+}
+
+#[inline(always)]
+pub(crate) fn decompress_ciphertext_coefficient(
+ mut v: PortableVector,
+) -> PortableVector {
+ // debug_assert!(to_i16_array(v)
+ // .into_iter()
+ // .all(|coefficient| coefficient.abs() < 1 << COEFFICIENT_BITS));
+
+ for i in 0..FIELD_ELEMENTS_IN_VECTOR {
+ let mut decompressed = v.elements[i] as i32 * FIELD_MODULUS as i32;
+ decompressed = (decompressed << 1) + (1i32 << COEFFICIENT_BITS);
+ decompressed = decompressed >> (COEFFICIENT_BITS + 1);
+ v.elements[i] = decompressed as i16;
+ }
+
+ // debug_assert!(to_i16_array(v)
+ // .into_iter()
+ // .all(|coefficient| coefficient.abs() as u16 <= 1 << 12));
+
+ v
+}
\ No newline at end of file
diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs
new file mode 100644
index 000000000..7fda14317
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/portable/ntt.rs
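Review bot: The `hax_lib::ensures` on `compress_message_coefficient` uses the upper bound 2596, but the body and its own comment (`If 833 <= fe <= 2496`) give 2496: for `fe = 2497`, `shifted` is -833, `shifted_to_positive` is 832, and the function returns 0. The postcondition therefore claims `result == 1` for 2497..=2596 where the code returns 0; both `implies` lines should read `833 <= fe && fe <= 2496`. The attribute is only compiled under `cfg(hax)`, so this affects the stated proof obligation rather than runtime behaviour. In `compress_ciphertext_coefficient` the commented-out assert says `fe <= (FIELD_MODULUS as u16)` while the `requires` says `fe <`, which should be aligned as well.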
@@ -0,0 +1,361 @@ +use super::vector_type::*; +use super::arithmetic::*; + + + +#[inline(always)] +pub(crate) fn ntt_layer_1_step( + mut v: PortableVector, + zeta0: i16, + zeta1: i16, + zeta2: i16, + zeta3: i16, +) -> PortableVector { + // First 8 elements. + let t = montgomery_multiply_fe_by_fer(v.elements[2], zeta0); + v.elements[2] = v.elements[0] - t; + v.elements[0] = v.elements[0] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[3], zeta0); + v.elements[3] = v.elements[1] - t; + v.elements[1] = v.elements[1] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[6], zeta1); + v.elements[6] = v.elements[4] - t; + v.elements[4] = v.elements[4] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[7], zeta1); + v.elements[7] = v.elements[5] - t; + v.elements[5] = v.elements[5] + t; + + // Next 8 elements. + let t = montgomery_multiply_fe_by_fer(v.elements[8 + 2], zeta2); + v.elements[8 + 2] = v.elements[8 + 0] - t; + v.elements[8 + 0] = v.elements[8 + 0] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[8 + 3], zeta2); + v.elements[8 + 3] = v.elements[8 + 1] - t; + v.elements[8 + 1] = v.elements[8 + 1] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[8 + 6], zeta3); + v.elements[8 + 6] = v.elements[8 + 4] - t; + v.elements[8 + 4] = v.elements[8 + 4] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[8 + 7], zeta3); + v.elements[8 + 7] = v.elements[8 + 5] - t; + v.elements[8 + 5] = v.elements[8 + 5] + t; + + v +} + +#[inline(always)] +pub(crate) fn ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { + let t = montgomery_multiply_fe_by_fer(v.elements[8], zeta); + v.elements[8] = v.elements[0] - t; + v.elements[0] = v.elements[0] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[9], zeta); + v.elements[9] = v.elements[1] - t; + v.elements[1] = v.elements[1] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[10], zeta); + v.elements[10] = v.elements[2] - t; + v.elements[2] = v.elements[2] + t; 
+ + let t = montgomery_multiply_fe_by_fer(v.elements[11], zeta); + v.elements[11] = v.elements[3] - t; + v.elements[3] = v.elements[3] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[12], zeta); + v.elements[12] = v.elements[4] - t; + v.elements[4] = v.elements[4] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[13], zeta); + v.elements[13] = v.elements[5] - t; + v.elements[5] = v.elements[5] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[14], zeta); + v.elements[14] = v.elements[6] - t; + v.elements[6] = v.elements[6] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[15], zeta); + v.elements[15] = v.elements[7] - t; + v.elements[7] = v.elements[7] + t; + + v +} + +#[inline(always)] +pub(crate) fn ntt_layer_2_step(mut v: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { + // First 8 elements. + let t = montgomery_multiply_fe_by_fer(v.elements[4], zeta0); + v.elements[4] = v.elements[0] - t; + v.elements[0] = v.elements[0] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[5], zeta0); + v.elements[5] = v.elements[1] - t; + v.elements[1] = v.elements[1] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[6], zeta0); + v.elements[6] = v.elements[2] - t; + v.elements[2] = v.elements[2] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[7], zeta0); + v.elements[7] = v.elements[3] - t; + v.elements[3] = v.elements[3] + t; + + // Next 8 elements. 
+ let t = montgomery_multiply_fe_by_fer(v.elements[8 + 4], zeta1); + v.elements[8 + 4] = v.elements[8 + 0] - t; + v.elements[8 + 0] = v.elements[8 + 0] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[8 + 5], zeta1); + v.elements[8 + 5] = v.elements[8 + 1] - t; + v.elements[8 + 1] = v.elements[8 + 1] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[8 + 6], zeta1); + v.elements[8 + 6] = v.elements[8 + 2] - t; + v.elements[8 + 2] = v.elements[8 + 2] + t; + + let t = montgomery_multiply_fe_by_fer(v.elements[8 + 7], zeta1); + v.elements[8 + 7] = v.elements[8 + 3] - t; + v.elements[8 + 3] = v.elements[8 + 3] + t; + + v +} + +#[inline(always)] +pub(crate) fn inv_ntt_layer_1_step( + mut v: PortableVector, + zeta0: i16, + zeta1: i16, + zeta2: i16, + zeta3: i16, +) -> PortableVector { + // First 8 elements. + let a_minus_b = v.elements[2] - v.elements[0]; + v.elements[0] = barrett_reduce_element(v.elements[0] + v.elements[2]); + v.elements[2] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + + let a_minus_b = v.elements[3] - v.elements[1]; + v.elements[1] = barrett_reduce_element(v.elements[1] + v.elements[3]); + v.elements[3] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + + let a_minus_b = v.elements[6] - v.elements[4]; + v.elements[4] = barrett_reduce_element(v.elements[4] + v.elements[6]); + v.elements[6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); + + let a_minus_b = v.elements[7] - v.elements[5]; + v.elements[5] = barrett_reduce_element(v.elements[5] + v.elements[7]); + v.elements[7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); + + // Next 8 elements. 
+ let a_minus_b = v.elements[8 + 2] - v.elements[8 + 0]; + v.elements[8 + 0] = barrett_reduce_element(v.elements[8 + 0] + v.elements[8 + 2]); + v.elements[8 + 2] = montgomery_multiply_fe_by_fer(a_minus_b, zeta2); + + let a_minus_b = v.elements[8 + 3] - v.elements[8 + 1]; + v.elements[8 + 1] = barrett_reduce_element(v.elements[8 + 1] + v.elements[8 + 3]); + v.elements[8 + 3] = montgomery_multiply_fe_by_fer(a_minus_b, zeta2); + + let a_minus_b = v.elements[8 + 6] - v.elements[8 + 4]; + v.elements[8 + 4] = barrett_reduce_element(v.elements[8 + 4] + v.elements[8 + 6]); + v.elements[8 + 6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta3); + + let a_minus_b = v.elements[8 + 7] - v.elements[8 + 5]; + v.elements[8 + 5] = barrett_reduce_element(v.elements[8 + 5] + v.elements[8 + 7]); + v.elements[8 + 7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta3); + + v +} + +#[inline(always)] +pub(crate) fn inv_ntt_layer_2_step(mut v: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { + // First 8 elements. + let a_minus_b = v.elements[4] - v.elements[0]; + v.elements[0] = v.elements[0] + v.elements[4]; + v.elements[4] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + + let a_minus_b = v.elements[5] - v.elements[1]; + v.elements[1] = v.elements[1] + v.elements[5]; + v.elements[5] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + + let a_minus_b = v.elements[6] - v.elements[2]; + v.elements[2] = v.elements[2] + v.elements[6]; + v.elements[6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + + let a_minus_b = v.elements[7] - v.elements[3]; + v.elements[3] = v.elements[3] + v.elements[7]; + v.elements[7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + + // Next 8 elements. 
+ let a_minus_b = v.elements[8 + 4] - v.elements[8 + 0]; + v.elements[8 + 0] = v.elements[8 + 0] + v.elements[8 + 4]; + v.elements[8 + 4] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); + + let a_minus_b = v.elements[8 + 5] - v.elements[8 + 1]; + v.elements[8 + 1] = v.elements[8 + 1] + v.elements[8 + 5]; + v.elements[8 + 5] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); + + let a_minus_b = v.elements[8 + 6] - v.elements[8 + 2]; + v.elements[8 + 2] = v.elements[8 + 2] + v.elements[8 + 6]; + v.elements[8 + 6] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); + + let a_minus_b = v.elements[8 + 7] - v.elements[8 + 3]; + v.elements[8 + 3] = v.elements[8 + 3] + v.elements[8 + 7]; + v.elements[8 + 7] = montgomery_multiply_fe_by_fer(a_minus_b, zeta1); + + v +} + +#[inline(always)] +pub(crate) fn inv_ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { + let a_minus_b = v.elements[8] - v.elements[0]; + v.elements[0] = v.elements[0] + v.elements[8]; + v.elements[8] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + let a_minus_b = v.elements[9] - v.elements[1]; + v.elements[1] = v.elements[1] + v.elements[9]; + v.elements[9] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + let a_minus_b = v.elements[10] - v.elements[2]; + v.elements[2] = v.elements[2] + v.elements[10]; + v.elements[10] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + let a_minus_b = v.elements[11] - v.elements[3]; + v.elements[3] = v.elements[3] + v.elements[11]; + v.elements[11] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + let a_minus_b = v.elements[12] - v.elements[4]; + v.elements[4] = v.elements[4] + v.elements[12]; + v.elements[12] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + let a_minus_b = v.elements[13] - v.elements[5]; + v.elements[5] = v.elements[5] + v.elements[13]; + v.elements[13] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + let a_minus_b = v.elements[14] - v.elements[6]; + v.elements[6] = v.elements[6] + v.elements[14]; + 
v.elements[14] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + let a_minus_b = v.elements[15] - v.elements[7]; + v.elements[7] = v.elements[7] + v.elements[15]; + v.elements[15] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + + v +} + +/// Compute the product of two Kyber binomials with respect to the +/// modulus `X² - zeta`. +/// +/// This function almost implements Algorithm 11 of the +/// NIST FIPS 203 standard, which is reproduced below: +/// +/// ```plaintext +/// Input: a₀, a₁, b₀, b₁ ∈ ℤq. +/// Input: γ ∈ ℤq. +/// Output: c₀, c₁ ∈ ℤq. +/// +/// c₀ ← a₀·b₀ + a₁·b₁·γ +/// c₁ ← a₀·b₁ + a₁·b₀ +/// return c₀, c₁ +/// ``` +/// We say "almost" because the coefficients output by this function are in +/// the Montgomery domain (unlike in the specification). +/// +/// The NIST FIPS 203 standard can be found at +/// . +#[inline(always)] +pub(crate) fn ntt_multiply_binomials( + (a0, a1): (FieldElement, FieldElement), + (b0, b1): (FieldElement, FieldElement), + zeta: FieldElementTimesMontgomeryR, +) -> (MontgomeryFieldElement, MontgomeryFieldElement) { + ( + montgomery_reduce_element( + (a0 as i32) * (b0 as i32) + + (montgomery_reduce_element((a1 as i32) * (b1 as i32)) as i32) * (zeta as i32), + ), + montgomery_reduce_element((a0 as i32) * (b1 as i32) + (a1 as i32) * (b0 as i32)), + ) +} + +#[inline(always)] +pub(crate) fn ntt_multiply( + lhs: &PortableVector, + rhs: &PortableVector, + zeta0: i16, + zeta1: i16, + zeta2: i16, + zeta3: i16, +) -> PortableVector { + let mut out = zero(); + + // First 8 elements. 
+ let product = ntt_multiply_binomials( + (lhs.elements[0], lhs.elements[1]), + (rhs.elements[0], rhs.elements[1]), + zeta0, + ); + out.elements[0] = product.0; + out.elements[1] = product.1; + + let product = ntt_multiply_binomials( + (lhs.elements[2], lhs.elements[3]), + (rhs.elements[2], rhs.elements[3]), + -zeta0, + ); + out.elements[2] = product.0; + out.elements[3] = product.1; + + let product = ntt_multiply_binomials( + (lhs.elements[4], lhs.elements[5]), + (rhs.elements[4], rhs.elements[5]), + zeta1, + ); + out.elements[4] = product.0; + out.elements[5] = product.1; + + let product = ntt_multiply_binomials( + (lhs.elements[6], lhs.elements[7]), + (rhs.elements[6], rhs.elements[7]), + -zeta1, + ); + out.elements[6] = product.0; + out.elements[7] = product.1; + + // Next 8 elements. + let product = ntt_multiply_binomials( + (lhs.elements[8 + 0], lhs.elements[8 + 1]), + (rhs.elements[8 + 0], rhs.elements[8 + 1]), + zeta2, + ); + out.elements[8 + 0] = product.0; + out.elements[8 + 1] = product.1; + + let product = ntt_multiply_binomials( + (lhs.elements[8 + 2], lhs.elements[8 + 3]), + (rhs.elements[8 + 2], rhs.elements[8 + 3]), + -zeta2, + ); + out.elements[8 + 2] = product.0; + out.elements[8 + 3] = product.1; + + let product = ntt_multiply_binomials( + (lhs.elements[8 + 4], lhs.elements[8 + 5]), + (rhs.elements[8 + 4], rhs.elements[8 + 5]), + zeta3, + ); + out.elements[8 + 4] = product.0; + out.elements[8 + 5] = product.1; + + let product = ntt_multiply_binomials( + (lhs.elements[8 + 6], lhs.elements[8 + 7]), + (rhs.elements[8 + 6], rhs.elements[8 + 7]), + -zeta3, + ); + out.elements[8 + 6] = product.0; + out.elements[8 + 7] = product.1; + + out +} diff --git a/libcrux-ml-kem/src/vector/portable/sampling.rs b/libcrux-ml-kem/src/vector/portable/sampling.rs new file mode 100644 index 000000000..b6643d1a8 --- /dev/null +++ b/libcrux-ml-kem/src/vector/portable/sampling.rs 
@@ -0,0 +1,24 @@
+use crate::vector::FIELD_MODULUS;
+
+#[inline(always)]
+pub(crate) fn rej_sample(a: &[u8], result: &mut [i16]) -> usize {
+ let mut sampled = 0;
+ for bytes in a.chunks(3) {
+ let b1 = bytes[0] as i16;
+ let b2 = bytes[1] as i16;
+ let b3 = bytes[2] as i16;
+
+ let d1 = ((b2 & 0xF) << 8) | b1;
+ let d2 = (b3 << 4) | (b2 >> 4);
+
+ if d1 < FIELD_MODULUS && sampled < 16 {
+ result[sampled] = d1;
+ sampled += 1
+ }
+ if d2 < FIELD_MODULUS && sampled < 16 {
+ result[sampled] = d2;
+ sampled += 1
+ }
+ }
+ sampled
+}
diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs
new file mode 100644
index 000000000..d228e6355
--- /dev/null
+++ b/libcrux-ml-kem/src/vector/portable/serialize.rs
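Review bot: `a.chunks(3)` in `rej_sample` yields a final chunk of one or two bytes whenever `a.len()` is not a multiple of 3, and `bytes[1]` / `bytes[2]` then panic; `for bytes in a.chunks_exact(3) {` drops the partial tail instead. The `sampled < 16` guard bounds the count but not the buffer, so a `result` shorter than 16 elements also panics on `result[sampled]`. A `debug_assert!(result.len() >= 16);` at the top, or a doc comment stating that `a` must be a multiple of 3 bytes and `result` must hold at least 16 elements, would make the contract explicit. The literal `16` looks like it should be `FIELD_ELEMENTS_IN_VECTOR`, which the sibling modules in this patch import from `crate::vector::traits`.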
@@ -0,0 +1,324 @@ +use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; +use super::vector_type::*; + +#[inline(always)] +pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { + let mut result = [0u8; 2]; + + for i in 0..8 { + result[0] |= (v.elements[i] as u8) << i; + } + + for i in 8..16 { + result[1] |= (v.elements[i] as u8) << (i - 8); + } + + result +} + +#[inline(always)] +pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { + let mut result = zero(); + + for i in 0..8 { + result.elements[i] = ((v[0] >> i) & 0x1) as i16; + } + for i in 8..FIELD_ELEMENTS_IN_VECTOR { + result.elements[i] = ((v[1] >> (i - 8)) & 0x1) as i16; + } + + result +} + +#[inline(always)] +pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { + let mut result = [0u8; 8]; + + result[0] = ((v.elements[1] as u8) << 4) | (v.elements[0] as u8); + result[1] = ((v.elements[3] as u8) << 4) | (v.elements[2] as u8); + result[2] = ((v.elements[5] as u8) << 4) | (v.elements[4] as u8); + result[3] = ((v.elements[7] as u8) << 4) | (v.elements[6] as u8); + + result[4] = ((v.elements[8 + 1] as u8) << 4) | (v.elements[8 + 0] as u8); + result[5] = ((v.elements[8 + 3] as u8) << 4) | (v.elements[8 + 2] as u8); + result[6] = ((v.elements[8 + 5] as u8) << 4) | (v.elements[8 + 4] as u8); + result[7] = ((v.elements[8 + 7] as u8) << 4) | (v.elements[8 + 6] as u8); + + result +} + +#[inline(always)] +pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { + let mut v = zero(); + + v.elements[0] = (bytes[0] & 0x0F) as i16; + v.elements[1] = ((bytes[0] >> 4) & 0x0F) as i16; + v.elements[2] = (bytes[1] & 0x0F) as i16; + v.elements[3] = ((bytes[1] >> 4) & 0x0F) as i16; + v.elements[4] = (bytes[2] & 0x0F) as i16; + v.elements[5] = ((bytes[2] >> 4) & 0x0F) as i16; + v.elements[6] = (bytes[3] & 0x0F) as i16; + v.elements[7] = ((bytes[3] >> 4) & 0x0F) as i16; + + v.elements[8] = (bytes[4] & 0x0F) as i16; + v.elements[9] = ((bytes[4] >> 4) & 0x0F) as i16; + v.elements[10] = (bytes[5] & 0x0F) as i16; + 
v.elements[11] = ((bytes[5] >> 4) & 0x0F) as i16; + v.elements[12] = (bytes[6] & 0x0F) as i16; + v.elements[13] = ((bytes[6] >> 4) & 0x0F) as i16; + v.elements[14] = (bytes[7] & 0x0F) as i16; + v.elements[15] = ((bytes[7] >> 4) & 0x0F) as i16; + + v +} + +#[inline(always)] +pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { + let mut result = [0u8; 10]; + + result[0] = ((v.elements[1] & 0x7) << 5 | v.elements[0]) as u8; + result[1] = (((v.elements[3] & 1) << 7) | (v.elements[2] << 2) | (v.elements[1] >> 3)) as u8; + result[2] = (((v.elements[4] & 0xF) << 4) | (v.elements[3] >> 1)) as u8; + result[3] = (((v.elements[6] & 0x3) << 6) | (v.elements[5] << 1) | (v.elements[4] >> 4)) as u8; + result[4] = ((v.elements[7] << 3) | (v.elements[6] >> 2)) as u8; + + result[5] = ((v.elements[8 + 1] & 0x7) << 5 | v.elements[8 + 0]) as u8; + result[6] = (((v.elements[8 + 3] & 1) << 7) + | (v.elements[8 + 2] << 2) + | (v.elements[8 + 1] >> 3)) as u8; + result[7] = (((v.elements[8 + 4] & 0xF) << 4) | (v.elements[8 + 3] >> 1)) as u8; + result[8] = (((v.elements[8 + 6] & 0x3) << 6) + | (v.elements[8 + 5] << 1) + | (v.elements[8 + 4] >> 4)) as u8; + result[9] = ((v.elements[8 + 7] << 3) | (v.elements[8 + 6] >> 2)) as u8; + + result +} + +#[inline(always)] +pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { + let mut v = zero(); + + v.elements[0] = (bytes[0] & 0x1F) as i16; + v.elements[1] = ((bytes[1] & 0x3) << 3 | (bytes[0] >> 5)) as i16; + v.elements[2] = ((bytes[1] >> 2) & 0x1F) as i16; + v.elements[3] = (((bytes[2] & 0xF) << 1) | (bytes[1] >> 7)) as i16; + v.elements[4] = (((bytes[3] & 1) << 4) | (bytes[2] >> 4)) as i16; + v.elements[5] = ((bytes[3] >> 1) & 0x1F) as i16; + v.elements[6] = (((bytes[4] & 0x7) << 2) | (bytes[3] >> 6)) as i16; + v.elements[7] = (bytes[4] >> 3) as i16; + + v.elements[8] = (bytes[5 + 0] & 0x1F) as i16; + v.elements[9] = ((bytes[5 + 1] & 0x3) << 3 | (bytes[5 + 0] >> 5)) as i16; + v.elements[10] = ((bytes[5 + 1] >> 2) & 0x1F) as i16; + 
v.elements[11] = (((bytes[5 + 2] & 0xF) << 1) | (bytes[5 + 1] >> 7)) as i16; + v.elements[12] = (((bytes[5 + 3] & 1) << 4) | (bytes[5 + 2] >> 4)) as i16; + v.elements[13] = ((bytes[5 + 3] >> 1) & 0x1F) as i16; + v.elements[14] = (((bytes[5 + 4] & 0x7) << 2) | (bytes[5 + 3] >> 6)) as i16; + v.elements[15] = (bytes[5 + 4] >> 3) as i16; + + v +} + +#[inline(always)] +pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { + let mut result = [0u8; 20]; + + result[0] = (v.elements[0] & 0xFF) as u8; + result[1] = ((v.elements[1] & 0x3F) as u8) << 2 | ((v.elements[0] >> 8) & 0x03) as u8; + result[2] = ((v.elements[2] & 0x0F) as u8) << 4 | ((v.elements[1] >> 6) & 0x0F) as u8; + result[3] = ((v.elements[3] & 0x03) as u8) << 6 | ((v.elements[2] >> 4) & 0x3F) as u8; + result[4] = ((v.elements[3] >> 2) & 0xFF) as u8; + result[5] = (v.elements[4] & 0xFF) as u8; + result[6] = ((v.elements[5] & 0x3F) as u8) << 2 | ((v.elements[4] >> 8) & 0x03) as u8; + result[7] = ((v.elements[6] & 0x0F) as u8) << 4 | ((v.elements[5] >> 6) & 0x0F) as u8; + result[8] = ((v.elements[7] & 0x03) as u8) << 6 | ((v.elements[6] >> 4) & 0x3F) as u8; + result[9] = ((v.elements[7] >> 2) & 0xFF) as u8; + + result[10] = (v.elements[8 + 0] & 0xFF) as u8; + result[11] = ((v.elements[8 + 1] & 0x3F) as u8) << 2 | ((v.elements[8 + 0] >> 8) & 0x03) as u8; + result[12] = ((v.elements[8 + 2] & 0x0F) as u8) << 4 | ((v.elements[8 + 1] >> 6) & 0x0F) as u8; + result[13] = ((v.elements[8 + 3] & 0x03) as u8) << 6 | ((v.elements[8 + 2] >> 4) & 0x3F) as u8; + result[14] = ((v.elements[8 + 3] >> 2) & 0xFF) as u8; + result[15] = (v.elements[8 + 4] & 0xFF) as u8; + result[16] = ((v.elements[8 + 5] & 0x3F) as u8) << 2 | ((v.elements[8 + 4] >> 8) & 0x03) as u8; + result[17] = ((v.elements[8 + 6] & 0x0F) as u8) << 4 | ((v.elements[8 + 5] >> 6) & 0x0F) as u8; + result[18] = ((v.elements[8 + 7] & 0x03) as u8) << 6 | ((v.elements[8 + 6] >> 4) & 0x3F) as u8; + result[19] = ((v.elements[8 + 7] >> 2) & 0xFF) as u8; + + result +} + 
+#[inline(always)] +pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { + let mut result = zero(); + + result.elements[0] = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; + result.elements[1] = ((bytes[2] as i16 & 0x0F) << 6 | (bytes[1] as i16 >> 2)) as i16; + result.elements[2] = ((bytes[3] as i16 & 0x3F) << 4 | (bytes[2] as i16 >> 4)) as i16; + result.elements[3] = (((bytes[4] as i16) << 2) | (bytes[3] as i16 >> 6)) as i16; + result.elements[4] = ((bytes[6] as i16 & 0x03) << 8 | (bytes[5] as i16 & 0xFF)) as i16; + result.elements[5] = ((bytes[7] as i16 & 0x0F) << 6 | (bytes[6] as i16 >> 2)) as i16; + result.elements[6] = ((bytes[8] as i16 & 0x3F) << 4 | (bytes[7] as i16 >> 4)) as i16; + result.elements[7] = (((bytes[9] as i16) << 2) | (bytes[8] as i16 >> 6)) as i16; + + result.elements[8] = + ((bytes[10 + 1] as i16 & 0x03) << 8 | (bytes[10 + 0] as i16 & 0xFF)) as i16; + result.elements[9] = ((bytes[10 + 2] as i16 & 0x0F) << 6 | (bytes[10 + 1] as i16 >> 2)) as i16; + result.elements[10] = ((bytes[10 + 3] as i16 & 0x3F) << 4 | (bytes[10 + 2] as i16 >> 4)) as i16; + result.elements[11] = (((bytes[10 + 4] as i16) << 2) | (bytes[10 + 3] as i16 >> 6)) as i16; + result.elements[12] = + ((bytes[10 + 6] as i16 & 0x03) << 8 | (bytes[10 + 5] as i16 & 0xFF)) as i16; + result.elements[13] = ((bytes[10 + 7] as i16 & 0x0F) << 6 | (bytes[10 + 6] as i16 >> 2)) as i16; + result.elements[14] = ((bytes[10 + 8] as i16 & 0x3F) << 4 | (bytes[10 + 7] as i16 >> 4)) as i16; + result.elements[15] = (((bytes[10 + 9] as i16) << 2) | (bytes[10 + 8] as i16 >> 6)) as i16; + + result +} + +#[inline(always)] +pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { + let mut result = [0u8; 22]; + + result[0] = v.elements[0] as u8; + result[1] = ((v.elements[1] & 0x1F) as u8) << 3 | ((v.elements[0] >> 8) as u8); + result[2] = ((v.elements[2] & 0x3) as u8) << 6 | ((v.elements[1] >> 5) as u8); + result[3] = ((v.elements[2] >> 2) & 0xFF) as u8; + result[4] = 
((v.elements[3] & 0x7F) as u8) << 1 | (v.elements[2] >> 10) as u8; + result[5] = ((v.elements[4] & 0xF) as u8) << 4 | (v.elements[3] >> 7) as u8; + result[6] = ((v.elements[5] & 0x1) as u8) << 7 | (v.elements[4] >> 4) as u8; + result[7] = ((v.elements[5] >> 1) & 0xFF) as u8; + result[8] = ((v.elements[6] & 0x3F) as u8) << 2 | (v.elements[5] >> 9) as u8; + result[9] = ((v.elements[7] & 0x7) as u8) << 5 | (v.elements[6] >> 6) as u8; + result[10] = (v.elements[7] >> 3) as u8; + + result[11] = v.elements[8 + 0] as u8; + result[12] = ((v.elements[8 + 1] & 0x1F) as u8) << 3 | ((v.elements[8 + 0] >> 8) as u8); + result[13] = ((v.elements[8 + 2] & 0x3) as u8) << 6 | ((v.elements[8 + 1] >> 5) as u8); + result[14] = ((v.elements[8 + 2] >> 2) & 0xFF) as u8; + result[15] = ((v.elements[8 + 3] & 0x7F) as u8) << 1 | (v.elements[8 + 2] >> 10) as u8; + result[16] = ((v.elements[8 + 4] & 0xF) as u8) << 4 | (v.elements[8 + 3] >> 7) as u8; + result[17] = ((v.elements[8 + 5] & 0x1) as u8) << 7 | (v.elements[8 + 4] >> 4) as u8; + result[18] = ((v.elements[8 + 5] >> 1) & 0xFF) as u8; + result[19] = ((v.elements[8 + 6] & 0x3F) as u8) << 2 | (v.elements[8 + 5] >> 9) as u8; + result[20] = ((v.elements[8 + 7] & 0x7) as u8) << 5 | (v.elements[8 + 6] >> 6) as u8; + result[21] = (v.elements[8 + 7] >> 3) as u8; + + result +} + +#[inline(always)] +pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { + let mut result = zero(); + + result.elements[0] = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; + result.elements[1] = ((bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3)) as i16; + result.elements[2] = ((bytes[4] as i16 & 0x1) << 10 + | ((bytes[3] as i16) << 2) + | ((bytes[2] as i16) >> 6)) as i16; + result.elements[3] = ((bytes[5] as i16 & 0xF) << 7 | (bytes[4] as i16 >> 1)) as i16; + result.elements[4] = ((bytes[6] as i16 & 0x7F) << 4 | (bytes[5] as i16 >> 4)) as i16; + result.elements[5] = + ((bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) 
>> 7)) as i16; + result.elements[6] = ((bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2)) as i16; + result.elements[7] = (((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5)) as i16; + + result.elements[8] = ((bytes[11 + 1] as i16 & 0x7) << 8 | bytes[11 + 0] as i16) as i16; + result.elements[9] = ((bytes[11 + 2] as i16 & 0x3F) << 5 | (bytes[11 + 1] as i16 >> 3)) as i16; + result.elements[10] = ((bytes[11 + 4] as i16 & 0x1) << 10 + | ((bytes[11 + 3] as i16) << 2) + | ((bytes[11 + 2] as i16) >> 6)) as i16; + result.elements[11] = ((bytes[11 + 5] as i16 & 0xF) << 7 | (bytes[11 + 4] as i16 >> 1)) as i16; + result.elements[12] = ((bytes[11 + 6] as i16 & 0x7F) << 4 | (bytes[11 + 5] as i16 >> 4)) as i16; + result.elements[13] = ((bytes[11 + 8] as i16 & 0x3) << 9 + | ((bytes[11 + 7] as i16) << 1) + | ((bytes[11 + 6] as i16) >> 7)) as i16; + result.elements[14] = ((bytes[11 + 9] as i16 & 0x1F) << 6 | (bytes[11 + 8] as i16 >> 2)) as i16; + result.elements[15] = (((bytes[11 + 10] as i16) << 3) | (bytes[11 + 9] as i16 >> 5)) as i16; + + result +} + +#[inline(always)] +pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { + let mut result = [0u8; 24]; + + result[0] = (v.elements[0] & 0xFF) as u8; + result[1] = ((v.elements[0] >> 8) | ((v.elements[1] & 0x0F) << 4)) as u8; + result[2] = ((v.elements[1] >> 4) & 0xFF) as u8; + result[3] = (v.elements[2] & 0xFF) as u8; + result[4] = ((v.elements[2] >> 8) | ((v.elements[3] & 0x0F) << 4)) as u8; + result[5] = ((v.elements[3] >> 4) & 0xFF) as u8; + result[6] = (v.elements[4] & 0xFF) as u8; + result[7] = ((v.elements[4] >> 8) | ((v.elements[5] & 0x0F) << 4)) as u8; + result[8] = ((v.elements[5] >> 4) & 0xFF) as u8; + result[9] = (v.elements[6] & 0xFF) as u8; + result[10] = ((v.elements[6] >> 8) | ((v.elements[7] & 0x0F) << 4)) as u8; + result[11] = ((v.elements[7] >> 4) & 0xFF) as u8; + + result[12] = (v.elements[8 + 0] & 0xFF) as u8; + result[13] = ((v.elements[8 + 0] >> 8) | ((v.elements[8 + 1] & 0x0F) << 4)) as u8; + 
result[14] = ((v.elements[8 + 1] >> 4) & 0xFF) as u8; + result[15] = (v.elements[8 + 2] & 0xFF) as u8; + result[16] = ((v.elements[8 + 2] >> 8) | ((v.elements[8 + 3] & 0x0F) << 4)) as u8; + result[17] = ((v.elements[8 + 3] >> 4) & 0xFF) as u8; + result[18] = (v.elements[8 + 4] & 0xFF) as u8; + result[19] = ((v.elements[8 + 4] >> 8) | ((v.elements[8 + 5] & 0x0F) << 4)) as u8; + result[20] = ((v.elements[8 + 5] >> 4) & 0xFF) as u8; + result[21] = (v.elements[8 + 6] & 0xFF) as u8; + result[22] = ((v.elements[8 + 6] >> 8) | ((v.elements[8 + 7] & 0x0F) << 4)) as u8; + result[23] = ((v.elements[8 + 7] >> 4) & 0xFF) as u8; + + result +} + +#[inline(always)] +pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { + let mut re = zero(); + + let byte0 = bytes[0] as i16; + let byte1 = bytes[1] as i16; + let byte2 = bytes[2] as i16; + let byte3 = bytes[3] as i16; + let byte4 = bytes[4] as i16; + let byte5 = bytes[5] as i16; + let byte6 = bytes[6] as i16; + let byte7 = bytes[7] as i16; + let byte8 = bytes[8] as i16; + let byte9 = bytes[9] as i16; + let byte10 = bytes[10] as i16; + let byte11 = bytes[11] as i16; + + re.elements[0] = (byte1 & 0x0F) << 8 | (byte0 & 0xFF); + re.elements[1] = (byte2 << 4) | ((byte1 >> 4) & 0x0F); + re.elements[2] = (byte4 & 0x0F) << 8 | (byte3 & 0xFF); + re.elements[3] = (byte5 << 4) | ((byte4 >> 4) & 0x0F); + re.elements[4] = (byte7 & 0x0F) << 8 | (byte6 & 0xFF); + re.elements[5] = (byte8 << 4) | ((byte7 >> 4) & 0x0F); + re.elements[6] = (byte10 & 0x0F) << 8 | (byte9 & 0xFF); + re.elements[7] = (byte11 << 4) | ((byte10 >> 4) & 0x0F); + + let byte12 = bytes[12] as i16; + let byte13 = bytes[13] as i16; + let byte14 = bytes[14] as i16; + let byte15 = bytes[15] as i16; + let byte16 = bytes[16] as i16; + let byte17 = bytes[17] as i16; + let byte18 = bytes[18] as i16; + let byte19 = bytes[19] as i16; + let byte20 = bytes[20] as i16; + let byte21 = bytes[21] as i16; + let byte22 = bytes[22] as i16; + let byte23 = bytes[23] as i16; + + 
re.elements[8] = (byte13 & 0x0F) << 8 | (byte12 & 0xFF); + re.elements[9] = (byte14 << 4) | ((byte13 >> 4) & 0x0F); + re.elements[10] = (byte16 & 0x0F) << 8 | (byte15 & 0xFF); + re.elements[11] = (byte17 << 4) | ((byte16 >> 4) & 0x0F); + re.elements[12] = (byte19 & 0x0F) << 8 | (byte18 & 0xFF); + re.elements[13] = (byte20 << 4) | ((byte19 >> 4) & 0x0F); + re.elements[14] = (byte22 & 0x0F) << 8 | (byte21 & 0xFF); + re.elements[15] = (byte23 << 4) | ((byte22 >> 4) & 0x0F); + + re +} diff --git a/libcrux-ml-kem/src/vector/portable/vector_type.rs b/libcrux-ml-kem/src/vector/portable/vector_type.rs new file mode 100644 index 000000000..546391181 --- /dev/null +++ b/libcrux-ml-kem/src/vector/portable/vector_type.rs @@ -0,0 +1,25 @@ +use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; + +/// Values having this type hold a representative 'x' of the Kyber field. +/// We use 'fe' as a shorthand for this type. +pub(crate) type FieldElement = i16; + +#[derive(Clone, Copy)] +pub struct PortableVector { + pub(crate) elements: [FieldElement; FIELD_ELEMENTS_IN_VECTOR], +} + +#[allow(non_snake_case)] +#[inline(always)] +pub fn zero() -> PortableVector { + PortableVector { + elements: [0i16; FIELD_ELEMENTS_IN_VECTOR], + } +} + +#[inline(always)] +pub fn from_i16_array(array: &[i16]) -> PortableVector { + PortableVector { + elements: array[0..16].try_into().unwrap(), + } +} \ No newline at end of file From fe51b9243d458c9b0a5f9dc051c5678e4521b3a8 Mon Sep 17 00:00:00 2001 
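Review bot: `serialize_12` leaves the shifted high bits unmasked in `result[1] = ((v.elements[0] >> 8) | ((v.elements[1] & 0x0F) << 4)) as u8;`, whereas `serialize_10` masks the same position with `& 0x03`. A negative or out-of-range `i16` therefore overwrites the neighbouring coefficient's bits, since `>>` on `i16` sign-extends. `serialize_4`, `serialize_5` and `serialize_11` rely on the same unstated range. Callers presumably pass non-negative representatives already reduced to the target bit width; if so, say it on each function, e.g. `/// Precondition: every element is in [0, 2^12).`, or mask as `((v.elements[0] >> 8) & 0x0F)`. The `deserialize_*` functions take `&[u8]` and index fixed offsets, so a short slice panics; a `debug_assert!(bytes.len() >= 24);` with the matching size per width would document that.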
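Review bot: `from_i16_array` hard-codes the width as `array[0..16]` while the struct field and `zero()` both use `FIELD_ELEMENTS_IN_VECTOR`; writing `elements: array[0..FIELD_ELEMENTS_IN_VECTOR].try_into().unwrap(),` keeps the three in step. The function is `pub` and panics on a slice shorter than 16 elements, so it wants a doc comment with a `# Panics` section saying so (the `unwrap()` itself cannot fail once the range index has succeeded). `#[allow(non_snake_case)]` on `zero` appears to have nothing to suppress and could be dropped.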
From: Karthikeyan Bhargavan Date: Thu, 20 Jun 2024 11:45:25 +0200 Subject: [PATCH 4/7] fmt --- libcrux-ml-kem/src/polynomial.rs | 4 +--- libcrux-ml-kem/src/vector.rs | 2 -- libcrux-ml-kem/src/vector/neon.rs | 6 +++--- libcrux-ml-kem/src/vector/neon/arithmetic.rs | 5 ++--- libcrux-ml-kem/src/vector/neon/compress.rs | 2 +- libcrux-ml-kem/src/vector/neon/ntt.rs | 4 ++-- libcrux-ml-kem/src/vector/neon/serialize.rs | 1 - libcrux-ml-kem/src/vector/portable.rs | 8 ++++---- libcrux-ml-kem/src/vector/portable/arithmetic.rs | 6 +++--- libcrux-ml-kem/src/vector/portable/compress.rs | 9 +++------ libcrux-ml-kem/src/vector/portable/ntt.rs | 10 ++++++---- libcrux-ml-kem/src/vector/portable/serialize.rs | 2 +- libcrux-ml-kem/src/vector/portable/vector_type.rs | 2 +- 13 files changed, 27 insertions(+), 34 deletions(-) diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 79983309f..b686f8714 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,6 +1,4 @@ -use crate::vector::{ - to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR, -}; +use crate::vector::{to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR}; pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index e5ec42648..069ab7c08 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -36,5 +36,3 @@ mod avx2; pub(crate) use avx2::SIMD256Vector; pub mod portable; - - diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 29e623d15..82e1911c3 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs 
@@ -3,18 +3,18 @@ use super::{Operations, FIELD_MODULUS}; // mod sampling; -mod vector_type; mod arithmetic; mod compress; mod ntt; mod serialize; +mod vector_type; -pub(crate) use vector_type::SIMD128Vector; -use vector_type::*; use arithmetic::*; use compress::*; use ntt::*; use serialize::*; +pub(crate) use vector_type::SIMD128Vector; +use vector_type::*; impl Operations for SIMD128Vector { #[inline(always)] diff --git a/libcrux-ml-kem/src/vector/neon/arithmetic.rs b/libcrux-ml-kem/src/vector/neon/arithmetic.rs index b6cf1aecf..a01daba08 100644 --- a/libcrux-ml-kem/src/vector/neon/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/neon/arithmetic.rs @@ -1,8 +1,7 @@ -use crate::vector::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R}; use super::vector_type::*; +use crate::vector::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R}; use libcrux_intrinsics::arm64::*; - #[inline(always)] pub(crate) fn add(mut lhs: SIMD128Vector, rhs: &SIMD128Vector) -> SIMD128Vector { lhs.low = _vaddq_s16(lhs.low, rhs.low); @@ -143,4 +142,4 @@ pub(crate) fn montgomery_multiply_by_constant(mut v: SIMD128Vector, c: i16) -> S v.low = montgomery_multiply_by_constant_int16x8_t(v.low, c); v.high = montgomery_multiply_by_constant_int16x8_t(v.high, c); v -} \ No newline at end of file +} diff --git a/libcrux-ml-kem/src/vector/neon/compress.rs b/libcrux-ml-kem/src/vector/neon/compress.rs index d871d818b..e55eb671a 100644 --- a/libcrux-ml-kem/src/vector/neon/compress.rs +++ b/libcrux-ml-kem/src/vector/neon/compress.rs @@ -121,4 +121,4 @@ pub(crate) fn decompress_ciphertext_coefficient( v.low = _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); v.high = _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); v -} \ No newline at end of file +} diff --git a/libcrux-ml-kem/src/vector/neon/ntt.rs b/libcrux-ml-kem/src/vector/neon/ntt.rs index 28eb2cb5a..9919965ab 100644 --- a/libcrux-ml-kem/src/vector/neon/ntt.rs +++ b/libcrux-ml-kem/src/vector/neon/ntt.rs 
@@ -1,5 +1,5 @@ -use super::vector_type::*; use super::arithmetic::*; +use super::vector_type::*; use libcrux_intrinsics::arm64::*; #[inline(always)] @@ -241,4 +241,4 @@ pub(crate) fn ntt_multiply( low: low2, high: high2, } -} \ No newline at end of file +} diff --git a/libcrux-ml-kem/src/vector/neon/serialize.rs b/libcrux-ml-kem/src/vector/neon/serialize.rs index a010e9775..7575c6b27 100644 --- a/libcrux-ml-kem/src/vector/neon/serialize.rs +++ b/libcrux-ml-kem/src/vector/neon/serialize.rs @@ -1,7 +1,6 @@ use super::vector_type::*; use libcrux_intrinsics::arm64::*; - #[inline(always)] pub(crate) fn serialize_1(v: SIMD128Vector) -> [u8; 2] { let shifter: [i16; 8] = [0, 1, 2, 3, 4, 5, 6, 7]; diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index d7a61e923..7ecfa2259 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -1,18 +1,18 @@ use super::Operations; -mod vector_type; mod arithmetic; mod compress; mod ntt; -mod serialize; mod sampling; +mod serialize; +mod vector_type; -use vector_type::*; use arithmetic::*; use compress::*; use ntt::*; -use serialize::*; use sampling::*; +use serialize::*; +use vector_type::*; pub(crate) use vector_type::PortableVector; diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 0f2a7dca7..ec2a1cbe7 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -1,6 +1,7 @@ -use crate::vector::{FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, - traits::FIELD_ELEMENTS_IN_VECTOR}; use super::vector_type::*; +use crate::vector::{ + traits::FIELD_ELEMENTS_IN_VECTOR, FIELD_MODULUS, INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, +}; /// If 'x' denotes a value of type `fe`, values having this type hold a /// representative y ≡ x·MONTGOMERY_R^(-1) (mod FIELD_MODULUS). 
@@ -191,4 +192,3 @@ pub(crate) fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> } v } - diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs index 4ca947c93..dab3e8190 100644 --- a/libcrux-ml-kem/src/vector/portable/compress.rs +++ b/libcrux-ml-kem/src/vector/portable/compress.rs @@ -1,8 +1,7 @@ +use super::arithmetic::*; +use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; use crate::vector::FIELD_MODULUS; -use super::vector_type::*; -use super::arithmetic::*; - /// The `compress_*` functions implement the `Compress` function specified in the NIST FIPS /// 203 standard (Page 18, Expression 4.5), which is defined as: @@ -84,8 +83,6 @@ pub(crate) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) -> get_n_least_significant_bits(coefficient_bits, compressed as u32) as FieldElement } - - #[inline(always)] pub(crate) fn compress_1(mut v: PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { @@ -124,4 +121,4 @@ pub(crate) fn decompress_ciphertext_coefficient( // .all(|coefficient| coefficient.abs() as u16 <= 1 << 12)); v -} \ No newline at end of file +} diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 7fda14317..d375e311a 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -1,7 +1,5 @@ -use super::vector_type::*; use super::arithmetic::*; - - +use super::vector_type::*; #[inline(always)] pub(crate) fn ntt_layer_1_step( @@ -170,7 +168,11 @@ pub(crate) fn inv_ntt_layer_1_step( } #[inline(always)] -pub(crate) fn inv_ntt_layer_2_step(mut v: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { +pub(crate) fn inv_ntt_layer_2_step( + mut v: PortableVector, + zeta0: i16, + zeta1: i16, +) -> PortableVector { // First 8 elements. let a_minus_b = v.elements[4] - v.elements[0]; v.elements[0] = v.elements[0] + v.elements[4]; 
diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index d228e6355..8b03c266e 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -1,5 +1,5 @@ -use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; use super::vector_type::*; +use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { diff --git a/libcrux-ml-kem/src/vector/portable/vector_type.rs b/libcrux-ml-kem/src/vector/portable/vector_type.rs index 546391181..d841f35f1 100644 --- a/libcrux-ml-kem/src/vector/portable/vector_type.rs +++ b/libcrux-ml-kem/src/vector/portable/vector_type.rs @@ -22,4 +22,4 @@ pub fn from_i16_array(array: &[i16]) -> PortableVector { PortableVector { elements: array[0..16].try_into().unwrap(), } -} \ No newline at end of file +} From 8963a3532855170d0beec9d92f79d31ecbc90132 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 20 Jun 2024 14:05:50 +0200 Subject: [PATCH 5/7] fix for C warning->error (implicit conversion from 'int' to 'short' changes value from 32768 to -32768) --- libcrux-ml-kem/src/vector/avx2/serialize.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 4192e95b9..cfd2f94e9 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -98,7 +98,7 @@ pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 { 1 << 12, 1 << 13, 1 << 14, - 1 << 15, + -32768, 1 << 8, 1 << 9, 1 << 10, @@ -106,7 +106,7 @@ pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 { 1 << 12, 1 << 13, 1 << 14, - 1 << 15, + -32768, ); let coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsb_to_msb); From a844017b4580525716ec98a08a20ca40cf4968fb Mon Sep 17 00:00:00 2001 
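Review bot: The bare `-32768` that replaces `1 << 15` in both `deserialize_1` hunks no longer shows that the lane means "bit 15 set", which is what the neighbouring `1 << 8` … `1 << 14` entries express. A trailing comment on each occurrence would keep that readable: `-32768, // 1 << 15 as i16; negative literal avoids the int->short narrowing warning in the extracted C`. `i16::MIN` states the same value, though whether it survives the C extraction unchanged is not visible here. `deserialize_1` starts and ends outside these hunks.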
From: Karthikeyan Bhargavan Date: Wed, 26 Jun 2024 20:31:37 +0200 Subject: [PATCH 6/7] c code update --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 55 +- .../c/internal/libcrux_mlkem_neon.h | 74 + .../c/internal/libcrux_mlkem_portable.h | 30 +- .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 48 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 55 + libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 40 + libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 163 + libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 89 + libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 30 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 54 + libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 40 + libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 7571 +++++++++++++++++ libcrux-ml-kem/c/libcrux_mlkem_neon.h | 301 + libcrux-ml-kem/c/libcrux_mlkem_portable.c | 3707 ++++---- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 386 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2119 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 38 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +- .../c/libcrux_sha3_libcrux_ml_kem.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3038 ++++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 32 +- 33 files changed, 13364 insertions(+), 4588 deletions(-) create mode 100644 libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.c create mode 
100644 libcrux-ml-kem/c/libcrux_mlkem512_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem768_neon.h create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.c create mode 100644 libcrux-ml-kem/c/libcrux_mlkem_neon.h diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index aa3d27d42..43e3c72b6 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,5 +1,5 @@ This code was generated with the following tools: Charon: ae55966c01a1a4b185a1a34da7861ba5db74c8ad Eurydice: bbfd102bbfbc3e4c362953f093dbfd65e2fbc10c -Karamel: 409fe4552f8f46351241cba1decfaa4d9fa6ffea -F*: +Karamel: 018dcd1d71f37472c517822aa6bd275263a6dcaa +F*: 0e2a116da266fbe1dbb81b414002d0afac6819b3 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 0fb3b23dd..c17768e9b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_core_H @@ -23,7 +23,7 @@ extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) 
@@ -177,45 +177,6 @@ void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); -typedef struct - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]); - -typedef struct - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]); - -typedef struct - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]); - typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; 
@@ -235,10 +196,10 @@ void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_arr int16_t ret[16U]); typedef struct - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h new file mode 100644 index 000000000..8915c212b --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h 
@@ -0,0 +1,74 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __internal_libcrux_mlkem_neon_H +#define __internal_libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_mlkem_neon.h" +#include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool 
libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 5e2ab8b96..26297a0f9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_mlkem_portable_H 
@@ -23,51 +23,51 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key); libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -void 
libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key); libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t 
-libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, 
libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 9bc61dfff..0363128b2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index fcd3a82b0..cc1359abb 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "internal/libcrux_core.h" 
@@ -338,48 +338,6 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, int16_t ret[16U]) { diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ec93700b3..8bccd9104 100644 
--- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index e11fc760b..035bc1287 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c new file mode 100644 index 000000000..b7cd6975a --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c 
@@ -0,0 +1,55 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "libcrux_mlkem1024_neon.h" + +void libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + 
core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + public_key.value)) { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h new file mode 100644 index 000000000..a4ee49a6d --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h 
@@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem1024_neon_H +#define __libcrux_mlkem1024_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_neon.h" + +void libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index b8bcb998e..0676f1b45 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem1024_portable.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 86d286194..1cc43ae7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 438b35f44..7277f70d8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c new file mode 100644 index 000000000..46ec1bb1b --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c 
@@ -0,0 +1,163 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "libcrux_mlkem512_neon.h" + +#include "internal/libcrux_mlkem_neon.h" + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + 
uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + 
uu____0); +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + public_key.value)) { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); + } + return uu____0; +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + public_key); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + public_key); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair 
+libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + 
libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h new file mode 100644 index 000000000..869fc7a62 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h 
@@ -0,0 +1,89 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem512_neon_H +#define __libcrux_mlkem512_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); + +bool 
libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + 
libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index d69cddf1a..6f4c9236d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem512_portable.h" 
@@ -14,7 +14,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632si libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -36,7 +36,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_8 libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____0, uu____1); } 
@@ -56,7 +56,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768siz uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uu____0); } @@ -70,7 +70,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( public_key); } @@ -93,7 +93,7 @@ libcrux_ml_kem_mlkem512_portable_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( public_key); } 
@@ -102,7 +102,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536si uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uu____0); } @@ -113,7 +113,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_ libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } 
@@ -122,14 +122,14 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168si libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( public_key); } 
@@ -138,7 +138,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152si uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uu____0); } @@ -149,7 +149,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } 
@@ -157,7 +157,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400si libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 269a4ac23..6aa5da039 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e2ef0eebc..7dab3285d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c new file mode 100644 index 000000000..eccf2c366 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c 
@@ -0,0 +1,54 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "libcrux_mlkem768_neon.h" + +void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + 
core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h new file mode 100644 index 000000000..1c5ff9ad4 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h 
@@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem768_neon_H +#define __libcrux_mlkem768_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_neon.h" + +void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 58dd5ea2f..e0102fe71 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem768_portable.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2cd183b3c..ec7de6074 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c new file mode 100644 index 000000000..3f1c6d45c --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c 
@@ -0,0 +1,7571 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO( + void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( + array, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( + array, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice))}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___from_i16_array( + 
Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + 
uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( 
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + 
libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +inline int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + 
int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int32x4_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_1_step( + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int64x2_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t uu____3 = + 
libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + 
core_core_arch_arm_shared_neon_int32x4_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return 
libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + core_core_arch_arm_shared_neon_int64x2_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + 
uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + 
libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int16x4_t uu____0 = + libcrux_intrinsics_arm64__vget_low_s16(a1b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + uu____0, libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____2 = + libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + uu____1, uu____2, libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int16x4_t uu____3 = + libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + uu____3, libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____5 = + libcrux_intrinsics_arm64__vget_low_s16(a1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + 
libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + uu____4, uu____5, libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = 
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t 
ret[2U]) { + uint8_t ret0[2U]; + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vandq_s16(low, one); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = uu____0, .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_1( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + 
(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + uint8_t ret0[8U]; + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t input = 
core_num__u64_9__from_le_bytes(ret); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input & 15ULL); + low[1U] = (int16_t)(input >> 4U & 15ULL); + low[2U] = (int16_t)(input >> 8U & 15ULL); + low[3U] = (int16_t)(input >> 12U & 15ULL); + low[4U] = (int16_t)(input >> 16U & 15ULL); + low[5U] = (int16_t)(input >> 20U & 15ULL); + low[6U] = (int16_t)(input >> 24U & 15ULL); + low[7U] = (int16_t)(input >> 28U & 15ULL); + high[0U] = (int16_t)(input >> 32U & 15ULL); + high[1U] = (int16_t)(input >> 36U & 15ULL); + high[2U] = (int16_t)(input >> 40U & 15ULL); + high[3U] = (int16_t)(input >> 44U & 15ULL); + high[4U] = (int16_t)(input >> 48U & 15ULL); + high[5U] = (int16_t)(input >> 52U & 15ULL); + high[6U] = (int16_t)(input >> 56U & 15ULL); + high[7U] = (int16_t)(input >> 60U & 15ULL); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_4( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +inline void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice((size_t)16U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice((size_t)16U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = 
(size_t)16U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + uint8_t res[10U] = {0U}; + int16_t out[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out); + res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); + res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); + res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); + res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); + res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); + res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | + out[(size_t)8U + (size_t)1U] << 5U); + res[6U] = (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | + out[(size_t)8U + (size_t)2U] << 2U) | + out[(size_t)8U + (size_t)3U] << 7U); + res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | + out[(size_t)8U + (size_t)4U] << 4U); + res[8U] = (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | + out[(size_t)8U + (size_t)5U] << 1U) | + out[(size_t)8U + (size_t)6U] << 6U); + res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | + out[(size_t)8U + (size_t)7U] << 3U); + memcpy(ret, res, (size_t)10U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + uint8_t ret0[10U]; + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)8U, input0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = 
(size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____1[8U]; + memcpy(uu____1, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); + uint8_t input1[8U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)8U, input1, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)5U, .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(low64 & 31ULL); + low[1U] = (int16_t)(low64 >> 5U & 31ULL); + low[2U] = (int16_t)(low64 >> 10U & 31ULL); + low[3U] = (int16_t)(low64 >> 15U & 31ULL); + low[4U] = (int16_t)(low64 >> 20U & 31ULL); + low[5U] = (int16_t)(low64 >> 25U & 31ULL); + low[6U] = (int16_t)(low64 >> 30U & 31ULL); + low[7U] = (int16_t)(low64 >> 35U & 31ULL); + high[0U] = (int16_t)(high64 & 31ULL); + high[1U] = (int16_t)(high64 >> 5U & 31ULL); + high[2U] = (int16_t)(high64 >> 10U & 31ULL); + high[3U] = (int16_t)(high64 >> 15U & 31ULL); + high[4U] = (int16_t)(high64 >> 20U & 31ULL); + high[5U] = (int16_t)(high64 >> 25U & 31ULL); + high[6U] = (int16_t)(high64 >> 30U & 31ULL); + high[7U] = (int16_t)(high64 >> 35U & 31ULL); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + 
Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_5( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + 
libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)5U, + .end = (size_t)10U}), + uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)13U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)10U, + .end = (size_t)15U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)21U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)15U, + .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)29U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + uint8_t ret0[20U]; + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + uint8_t input1[8U] = {0U}; + uint8_t input2[4U] = {0U}; + Eurydice_slice uu____0 = + 
Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[4U]; + memcpy(uu____5, input2, (size_t)4U * sizeof(uint8_t)); + uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input00 & 1023ULL); + low[1U] = (int16_t)(input00 >> 10U & 1023ULL); + low[2U] = (int16_t)(input00 >> 20U & 1023ULL); + low[3U] = (int16_t)(input00 >> 30U & 1023ULL); + low[4U] = (int16_t)(input00 >> 40U & 1023ULL); + low[5U] = (int16_t)(input00 >> 50U & 1023ULL); + low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); + low[7U] = (int16_t)(input10 >> 6U & 1023ULL); + high[0U] = (int16_t)(input10 >> 16U & 1023ULL); + high[1U] = (int16_t)(input10 >> 26U & 1023ULL); 
+ high[2U] = (int16_t)(input10 >> 36U & 1023ULL); + high[3U] = (int16_t)(input10 >> 46U & 1023ULL); + high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); + high[5U] = (int16_t)(input20 >> 2U & 1023U); + high[6U] = (int16_t)(input20 >> 12U & 1023U); + high[7U] = (int16_t)(input20 >> 22U & 1023U); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_10( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t input[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, input); + uint8_t result[22U] = {0U}; + result[0U] = (uint8_t)input[0U]; + result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); + result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); + result[3U] = (uint8_t)(input[2U] >> 2U); + result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); + result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); + result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); + result[7U] = (uint8_t)(input[5U] >> 1U); + result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); + result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); + result[10U] = (uint8_t)(input[7U] >> 3U); + result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; + result[(size_t)11U + (size_t)1U] = + (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | + input[(size_t)8U + (size_t)1U] << 3U); + 
result[(size_t)11U + (size_t)2U] = + (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | + input[(size_t)8U + (size_t)2U] << 6U); + result[(size_t)11U + (size_t)3U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); + result[(size_t)11U + (size_t)4U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | + input[(size_t)8U + (size_t)3U] << 1U); + result[(size_t)11U + (size_t)5U] = + (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | + input[(size_t)8U + (size_t)4U] << 4U); + result[(size_t)11U + (size_t)6U] = + (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | + input[(size_t)8U + (size_t)5U] << 7U); + result[(size_t)11U + (size_t)7U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); + result[(size_t)11U + (size_t)8U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | + input[(size_t)8U + (size_t)6U] << 2U); + result[(size_t)11U + (size_t)9U] = + (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | + input[(size_t)8U + (size_t)7U] << 5U); + result[(size_t)11U + (size_t)10U] = + (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + uint8_t ret0[22U]; + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + uint8_t input1[8U] = {0U}; + uint8_t input2[8U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, 
+ Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)8U, input2, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[8U]; + memcpy(uu____5, input2, (size_t)8U * sizeof(uint8_t)); + uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input00 & 2047ULL); + low[1U] = (int16_t)(input00 >> 11U & 2047ULL); + low[2U] = (int16_t)(input00 >> 22U & 2047ULL); + low[3U] = (int16_t)(input00 >> 33U & 2047ULL); + low[4U] = (int16_t)(input00 >> 44U & 2047ULL); + low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); + low[6U] = (int16_t)(input10 >> 2U & 2047ULL); + low[7U] = (int16_t)(input10 >> 13U & 2047ULL); + high[0U] = (int16_t)(input10 >> 24U & 2047ULL); + high[1U] = (int16_t)(input10 >> 35U & 2047ULL); + high[2U] = (int16_t)(input10 >> 46U & 2047ULL); + high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); + high[4U] = (int16_t)(input20 >> 4U & 
2047ULL); + high[5U] = (int16_t)(input20 >> 15U & 2047ULL); + high[6U] = (int16_t)(input20 >> 26U & 2047ULL); + high[7U] = (int16_t)(input20 >> 37U & 2047ULL); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_11( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + 
libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = 
(size_t)6U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)6U, + .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)14U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)12U, + .end = (size_t)18U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)18U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)30U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + uint8_t ret0[24U]; + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * 
sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)16U, input0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)16U, input1, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)12U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + 
core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option__Eurydice_slice_uint8_t uu____0 = + 
core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( + &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + int16_t uu____8 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____8; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +inline 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[8U] = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___cond_subtract_3329( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + 
deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right___15int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right___15int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right___15int32_t(v); +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + shift_right___15int32_t0(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + a, &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + 
to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + 
&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[3U]; + 
deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +typedef struct Simd128Hash_s { + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + shake128_state[2U]; +} Simd128Hash; + +static inline Simd128Hash shake128_init_absorb___3size_t( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____3, uu____4, + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___3size_t( + Simd128Hash *self, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + 
libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + 
(size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___3size_t(Simd128Hash *self, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, 
out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice a) { + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___from_i16_array( + Eurydice_slice_subslice( + a, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U 
* sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; 
KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + fst[3U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t; + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t 
out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____6[128U]; + memcpy(uu____6, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____6, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____7[128U]; + memcpy(uu____7, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____8, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = 
chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * 
(size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + v, fer); +} + +static inline __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
+ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + b, zeta_r); + b = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + a, &t); + a = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + a, &t); + return (CLITERAL( + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .fst = a, .snd = b}); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + 
step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + ntt_at_layer_7__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + 
re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + out = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_multiply( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), 
+ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + 
libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1184U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + 
pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + 
libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + 
ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + b, &a); + a = 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + a, &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_minus_b, zeta_r); + return (CLITERAL( + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .fst = a, .snd = b}); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + error_2, message, result); + return result; +} + +static inline 
core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___10int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + 
(int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___10int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress___10int32_t(v); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress___10int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[20U]; + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___11int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + 
libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___11int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return 
compress___11int32_t(v); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + 
core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___4int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + 
core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___4int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress___4int32_t(v); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress___4int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = 
Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___5int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + 
(int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___5int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress___5int32_t(v); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress___5int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice out) { + compress_then_serialize_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, 
size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t 
prf_output[128U]; + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + 
uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + 
uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + 
memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t 
low1 = + decompress_uint32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_10( + bytes); + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___10int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + 
core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_11( + bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___11int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_10size_t( + 
uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + 
core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = 
libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___4int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_4( + bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___4int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 
1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + 
libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_5( + bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
+deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t 
i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + self->coefficients[i0], &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + 
deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, 
uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____9, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline 
void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, 
+ Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + 
uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void 
+closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline Simd128Hash shake128_init_absorb___4size_t( + uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____3, uu____4, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return 
lit; +} + +static inline void shake128_squeeze_three_blocks___4size_t( + Simd128Hash *self, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____7[504U]; + memcpy(uu____7, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i 
= (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___4size_t(Simd128Hash *self, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_504size_t( 
+ uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, 
(size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + fst[4U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t; + +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + 
Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____6[128U]; + memcpy(uu____6, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____6, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____7[128U]; + memcpy(uu____7, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____8, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____9[128U]; + memcpy(uu____9, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____9, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = + 
ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___4size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + A_transpose, 
secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = 
pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___4size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + 
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); + 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + 
product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + error_2, message, result); + return result; +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress___11int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[352U]) { + 
uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice out) { + compress_then_serialize_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re, out); +} + +static void 
+encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + 
memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + 
uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
+ uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, 
pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + 
ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + &u_as_ntt[i0]); 
+ } + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + 
memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret0 = 
uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + shared_secret0, shared_secret); + 
Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____9, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void 
+serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, 
Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return 
core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline Simd128Hash shake128_init_absorb___2size_t( + uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___2size_t( + Simd128Hash *self, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[504U]; + memcpy(uu____2, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___2size_t(Simd128Hash *self, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[168U]; + memcpy(uu____2, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +static inline bool 
+sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = 
(size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void 
+sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = 
sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + fst[2U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t; + +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____3[192U]; + memcpy(uu____3, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____3, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____4[192U]; + memcpy(uu____4, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____4, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + Eurydice_slice randomness) { + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + 
uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___2size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t 
domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + 
libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, 
Eurydice_slice); + uint8_t ret0[32U]; + H___2size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + 
memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + 
ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + 
Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____3[128U]; + memcpy(uu____3, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____3, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____4[128U]; + memcpy(uu____4, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____4, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + 
invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + 
product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + error_2, message, result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static void 
+encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + 
memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + 
uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t 
randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, 
ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + 
ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret0 = 
uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + shared_secret0, shared_secret); + Eurydice_slice 
uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____9, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h new file mode 100644 index 000000000..0d427dbd8 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -0,0 +1,301 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem_neon_H +#define __libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" +#include "libcrux_sha3_neon.h" + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO( + void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___from_i16_array( + Eurydice_slice array); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define 
LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t 
libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t 
zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + 
int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_1( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_4( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_5( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_10( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_11( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +void 
libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + Eurydice_slice a, Eurydice_slice out); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +typedef struct + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4e0f1677d..1c2f4d186 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "internal/libcrux_mlkem_portable.h" 
@@ -44,524 +44,9 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 
255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 
255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 
7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 
255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 
255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 
255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 
3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 
255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 
255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 
255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( - void) { - libcrux_ml_kem_vector_portable_PortableVector lit; +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = (int16_t)0; lit.elements[1U] = (int16_t)0; lit.elements[2U] = (int16_t)0; 
@@ -581,15 +66,16 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( return lit; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO( void) { - return libcrux_ml_kem_vector_zero(); + return libcrux_ml_kem_vector_portable_vector_type_zero(); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { - libcrux_ml_kem_vector_portable_PortableVector lit; +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2( 
@@ -606,15 +92,16 @@ libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { return lit; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice array) { - return libcrux_ml_kem_vector_from_i16_array(array); + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -624,16 +111,17 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( return lhs; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { - return libcrux_ml_kem_vector_add(lhs, rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -643,16 +131,16 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( return lhs; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { - return libcrux_ml_kem_vector_sub(lhs, rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -662,15 +150,15 @@ libcrux_ml_kem_vector_multiply_by_constant( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_multiply_by_constant(v, c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -680,15 +168,16 @@ libcrux_ml_kem_vector_bitwise_and_with_constant( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){ 
@@ -711,78 +200,92 @@ libcrux_ml_kem_vector_cond_subtract_3329( } } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_cond_subtract_3329(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) { - int32_t t = (int32_t)value * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); +int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); int16_t quotient = - (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); + 
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); v.elements[i0] = uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_barrett_reduce(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) { +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { int32_t k = (int32_t)(int16_t)value * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; int32_t k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> - (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); int16_t value_high = - (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); return value_high - c; } -inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( +inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * - (int32_t)fer); + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); } -inline 
libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); v.elements[i0] = uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) { +uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; 
@@ -790,80 +293,91 @@ uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) { return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_compress_1( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient( - (uint16_t)v.elements[i0]); + uint8_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); v.elements[i0] = (int16_t)uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_compress_1(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits( +inline uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value) { return value & ((1U << (uint32_t)n) - 1U); } -int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( +int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; compressed = 
compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; - return (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[2U], zeta0); + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[2U], zeta0); v.elements[2U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[3U], zeta0); + int16_t t0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[3U], zeta0); v.elements[3U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[6U], zeta1); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[6U], zeta1); v.elements[6U] = v.elements[4U] - t1; v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[7U], zeta1); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta1); v.elements[7U] = v.elements[5U] - t2; v.elements[5U] = v.elements[5U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)2U], 
zeta2); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)2U], zeta2); v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)3U], zeta2); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)3U], zeta2); v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)6U], zeta3); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta3); v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)7U], zeta3); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta3); v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; v.elements[(size_t)8U + (size_t)5U] = 
@@ -871,53 +385,62 @@ libcrux_ml_kem_vector_ntt_layer_1_step( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1) { - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[4U], zeta0); + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[4U], zeta0); v.elements[4U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[5U], zeta0); + int16_t t0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[5U], zeta0); v.elements[5U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[6U], zeta0); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[6U], 
zeta0); v.elements[6U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[7U], zeta0); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta0); v.elements[7U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)4U], zeta1); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)4U], zeta1); v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)5U], zeta1); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)5U], zeta1); v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)6U], zeta1); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta1); v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)7U], zeta1); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta1); v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; v.elements[(size_t)8U + (size_t)3U] = 
@@ -925,274 +448,320 @@ libcrux_ml_kem_vector_ntt_layer_2_step( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { int16_t t = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[8U], zeta); v.elements[8U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; int16_t t0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[9U], zeta); v.elements[9U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[10U], zeta); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[10U], zeta); v.elements[10U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[11U], zeta); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[11U], zeta); v.elements[11U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[12U], zeta); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[12U], zeta); v.elements[12U] = v.elements[4U] - t3; v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[13U], zeta); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[13U], zeta); v.elements[13U] = v.elements[5U] - t4; v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[14U], zeta); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[14U], zeta); v.elements[14U] = v.elements[6U] - t5; v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[15U], zeta); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[15U], zeta); v.elements[15U] = v.elements[7U] - t6; v.elements[7U] = v.elements[7U] + t6; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[0U] + v.elements[2U]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[0U] + v.elements[2U]); v.elements[0U] = uu____0; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta0); v.elements[2U] = uu____1; int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t uu____2 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[1U] + v.elements[3U]); + int16_t uu____2 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[1U] + v.elements[3U]); v.elements[1U] = uu____2; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta0); v.elements[3U] = uu____3; int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t uu____4 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[4U] + v.elements[6U]); + int16_t uu____4 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[4U] + v.elements[6U]); v.elements[4U] = uu____4; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, 
zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta1); v.elements[6U] = uu____5; int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t uu____6 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[5U] + v.elements[7U]); + int16_t uu____6 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[5U] + v.elements[7U]); v.elements[5U] = uu____6; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta1); v.elements[7U] = uu____7; int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t uu____8 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)0U] + - v.elements[(size_t)8U + (size_t)2U]); + int16_t uu____8 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); v.elements[(size_t)8U + (size_t)0U] = uu____8; int16_t uu____9 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta2); v.elements[(size_t)8U + (size_t)2U] = uu____9; int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t uu____10 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)1U] + - v.elements[(size_t)8U + (size_t)3U]); + int16_t uu____10 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); v.elements[(size_t)8U + (size_t)1U] = uu____10; int16_t uu____11 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta2); 
v.elements[(size_t)8U + (size_t)3U] = uu____11; int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____12 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)4U] + - v.elements[(size_t)8U + (size_t)6U]); + int16_t uu____12 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); v.elements[(size_t)8U + (size_t)4U] = uu____12; int16_t uu____13 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta3); v.elements[(size_t)8U + (size_t)6U] = uu____13; int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____14 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)5U] + - v.elements[(size_t)8U + (size_t)7U]); + int16_t uu____14 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); v.elements[(size_t)8U + (size_t)5U] = uu____14; int16_t uu____15 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta3); v.elements[(size_t)8U + (size_t)7U] = uu____15; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector 
a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, - zeta3); + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1) { int16_t a_minus_b = v.elements[4U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[4U]; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta0); v.elements[4U] = uu____0; int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[5U]; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta0); v.elements[5U] = uu____1; int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[6U]; int16_t uu____2 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta0); v.elements[6U] = uu____2; int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[7U]; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta0); v.elements[7U] = uu____3; int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + 
(size_t)0U]; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + v.elements[(size_t)8U + (size_t)4U]; int16_t uu____4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta1); v.elements[(size_t)8U + (size_t)4U] = uu____4; int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + v.elements[(size_t)8U + (size_t)5U]; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta1); v.elements[(size_t)8U + (size_t)5U] = uu____5; int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + v.elements[(size_t)8U + (size_t)6U]; int16_t uu____6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta1); v.elements[(size_t)8U + (size_t)6U] = uu____6; int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + v.elements[(size_t)8U + (size_t)7U]; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta1); v.elements[(size_t)8U + (size_t)7U] = uu____7; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { int16_t a_minus_b = v.elements[8U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[8U]; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); v.elements[8U] = uu____0; int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[9U]; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta); v.elements[9U] = uu____1; int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[10U]; int16_t uu____2 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta); v.elements[10U] = uu____2; int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[11U]; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + 
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta); v.elements[11U] = uu____3; int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; v.elements[4U] = v.elements[4U] + v.elements[12U]; int16_t uu____4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta); v.elements[12U] = uu____4; int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; v.elements[5U] = v.elements[5U] + v.elements[13U]; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta); v.elements[13U] = uu____5; int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; v.elements[6U] = v.elements[6U] + v.elements[14U]; int16_t uu____6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta); v.elements[14U] = uu____6; int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; v.elements[7U] = v.elements[7U] + v.elements[15U]; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta); v.elements[15U] = uu____7; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -inline K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( +inline K___int16_t_int16_t +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta) { int16_t a0 = _.fst; int16_t a1 = _.snd; int16_t b0 = _0.fst; int16_t b1 = _0.snd; int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_reduce_element( - uu____0 + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element( - (int32_t)a1 * (int32_t)b1) * - (int32_t)zeta); + int16_t uu____1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + uu____0 + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a1 * (int32_t)b1) * + (int32_t)zeta); return (CLITERAL(K___int16_t_int16_t){ .fst = uu____1, - .snd = libcrux_ml_kem_vector_montgomery_reduce_element( - (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); -} - -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_PortableVector out = - libcrux_ml_kem_vector_zero(); + .snd = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); +} + +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + 
libcrux_ml_kem_vector_portable_vector_type_zero(); K___int16_t_int16_t lit0; lit0.fst = lhs->elements[0U]; lit0.snd = lhs->elements[1U]; @@ -1200,7 +769,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit1.fst = rhs->elements[0U]; lit1.snd = rhs->elements[1U]; K___int16_t_int16_t product = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit0, lit1, + zeta0); out.elements[0U] = product.fst; out.elements[1U] = product.snd; K___int16_t_int16_t lit2; @@ -1210,7 +780,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit3.fst = rhs->elements[2U]; lit3.snd = rhs->elements[3U]; K___int16_t_int16_t product0 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit2, lit3, + -zeta0); out.elements[2U] = product0.fst; out.elements[3U] = product0.snd; K___int16_t_int16_t lit4; @@ -1220,7 +791,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit5.fst = rhs->elements[4U]; lit5.snd = rhs->elements[5U]; K___int16_t_int16_t product1 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit4, lit5, + zeta1); out.elements[4U] = product1.fst; out.elements[5U] = product1.snd; K___int16_t_int16_t lit6; @@ -1230,7 +802,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit7.fst = rhs->elements[6U]; lit7.snd = rhs->elements[7U]; K___int16_t_int16_t product2 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit6, lit7, + -zeta1); out.elements[6U] = product2.fst; out.elements[7U] = product2.snd; K___int16_t_int16_t lit8; 
@@ -1240,7 +813,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; K___int16_t_int16_t product3 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit8, lit9, + zeta2); out.elements[(size_t)8U + (size_t)0U] = product3.fst; out.elements[(size_t)8U + (size_t)1U] = product3.snd; K___int16_t_int16_t lit10; @@ -1250,7 +824,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; K___int16_t_int16_t product4 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit10, lit11, + -zeta2); out.elements[(size_t)8U + (size_t)2U] = product4.fst; out.elements[(size_t)8U + (size_t)3U] = product4.snd; K___int16_t_int16_t lit12; @@ -1260,7 +835,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; K___int16_t_int16_t product5 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit12, lit13, + zeta3); out.elements[(size_t)8U + (size_t)4U] = product5.fst; out.elements[(size_t)8U + (size_t)5U] = product5.snd; K___int16_t_int16_t lit14; 
@@ -1270,23 +846,25 @@ libcrux_ml_kem_vector_ntt_multiply( lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; K___int16_t_int16_t product6 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit14, lit, + -zeta3); out.elements[(size_t)8U + (size_t)6U] = product6.fst; out.elements[(size_t)8U + (size_t)7U] = product6.snd; return out; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, - zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); } -inline void libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { uint8_t result[2U] = {0U}; KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; 
@@ -1301,17 +879,18 @@ inline void libcrux_ml_kem_vector_serialize_1( memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { uint8_t ret0[2U]; - libcrux_ml_kem_vector_serialize_1(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret0); memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8(i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; uint8_t *uu____0 = &Eurydice_slice_index( v, (size_t)0U, uint8_t, uint8_t *, uint8_t); 
@@ -1328,14 +907,15 @@ libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_1(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -inline void libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { uint8_t result[8U] = {0U}; result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; 
@@ -1356,17 +936,18 @@ inline void libcrux_ml_kem_vector_serialize_4( memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { uint8_t ret0[8U]; - libcrux_ml_kem_vector_serialize_4(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector v = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); 
@@ -1418,14 +999,15 @@ libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) { return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_4(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } -inline void libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { uint8_t result[10U] = {0U}; result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); result[1U] = 
@@ -1456,17 +1038,18 @@ inline void libcrux_ml_kem_vector_serialize_5( memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { uint8_t ret0[10U]; - libcrux_ml_kem_vector_serialize_5(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector v = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); 
@@ -1557,14 +1140,15 @@ libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) { return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_5(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -inline void libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { uint8_t result[20U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) << 2U | 
@@ -1621,17 +1205,18 @@ inline void libcrux_ml_kem_vector_serialize_10( memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { uint8_t ret0[20U]; - libcrux_ml_kem_vector_serialize_10(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) 
@@ -1751,14 +1336,15 @@ libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_10(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -inline void libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { uint8_t result[22U] = {0U}; result[0U] = (uint8_t)v.elements[0U]; result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | 
@@ -1815,17 +1401,18 @@ inline void libcrux_ml_kem_vector_serialize_11( memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { uint8_t ret0[22U]; - libcrux_ml_kem_vector_serialize_11(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) 
@@ -1963,14 +1550,15 @@ libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_11(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -inline void libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[24U]) { uint8_t result[24U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); result[1U] = 
@@ -2015,17 +1603,18 @@ inline void libcrux_ml_kem_vector_serialize_12( memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { uint8_t ret0[24U]; - libcrux_ml_kem_vector_serialize_12(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector re = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, 
@@ -2093,14 +1682,14 @@ libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) { return re; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_12(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); } -inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, - Eurydice_slice result) { +inline size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( + Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; core_slice_iter_Chunks iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( 
@@ -2175,61 +1764,61 @@ inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, } size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_rej_sample(a, out); + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___clone( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) { return self[0U]; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -ZERO__libcrux_ml_kem_vector_portable_PortableVector(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.coefficients[0U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[1U] = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[2U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[3U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[4U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[5U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[6U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[7U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[8U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[9U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[10U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[11U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[12U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[13U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[14U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[15U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; 
@@ -2240,11 +1829,11 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( coefficient); re.coefficients[i0] = uu____0; } 
@@ -2252,15 +1841,16 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1568size_t_4size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2273,9 +1863,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -2283,11 +1873,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_vector_portable_PortableVector -shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +shift_right___15int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -2296,36 +1887,38 @@ shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { return v; } -static libcrux_ml_kem_vector_portable_PortableVector shift_right___15int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +shift_right___15int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return shift_right___15int32_t(v); } -static libcrux_ml_kem_vector_portable_PortableVector -to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a) { - libcrux_ml_kem_vector_portable_PortableVector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_portable_PortableVector fm = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + shift_right___15int32_t0(a); + libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &fm); } static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)384U, serialized, @@ -2341,8 +1934,8 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVect } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector key[4U], uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; 
@@ -2352,13 +1945,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1536U, out, @@ -2368,7 +1961,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -2379,8 +1972,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U], Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2389,15 +1982,15 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[4U]; memcpy( uu____1, t_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -2411,23 +2004,23 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1568size_t_4size_t( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[4U]; memcpy( uu____0, deserialized_pk, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), 
@@ -2445,19 +2038,20 @@ static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____4size_t_s { @@ -2504,7 +2098,7 @@ static inline void shake128_squeeze_three_blocks___4size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_504size_t( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( 
@@ -2520,7 +2114,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -2558,7 +2152,7 @@ static inline void shake128_squeeze_block___4size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_168size_t( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2574,7 +2168,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], 
@@ -2598,16 +2192,17 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice_subslice( a, (CLITERAL(core_ops_range_Range__size_t){ 
@@ -2619,10 +2214,10 @@ from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( return result; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -2631,9 +2226,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; 
@@ -2645,7 +2240,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { 
@@ -2656,36 +2251,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[4U][272U]; memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U][4U]) { - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; @@ -2698,9 +2293,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uu____1, sampled); for ( size_t i = (size_t)0U; 
@@ -2708,13 +2303,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; 
@@ -2726,16 +2321,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[4U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t; static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { @@ -2750,8 +2345,8 @@ static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; 
@@ -2793,13 +2388,13 @@ sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVect sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; 
@@ -2839,76 +2434,77 @@ sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVect sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( randomness); return uu____0; } static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_at_layer_7__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector t = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( re->coefficients[j], &t); re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( re->coefficients[j], &t); re->coefficients[j] = uu____1; } } typedef struct - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector_s { - libcrux_ml_kem_vector_portable_PortableVector fst; - libcrux_ml_kem_vector_portable_PortableVector snd; -} __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector; - -static libcrux_ml_kem_vector_portable_PortableVector -montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t fer) { - return 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector snd; +} __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( v, fer); } -static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_portable_PortableVector t = - montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( +static inline __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector b, + int16_t zeta_r) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( b, zeta_r); - b = 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + b = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( a, &t); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &t); return (CLITERAL( - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .fst = a, .snd = b}); } static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -2920,14 +2516,14 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( size_t step_vec = step / (size_t)16U; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( + ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R [zeta_i[0U]]); - libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } 
@@ -2935,30 +2531,30 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re->coefficients[round] = uu____0;); } static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + @@ -2967,15 +2563,15 @@ ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + 
@@ -2988,45 +2584,50 @@ ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( self->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_7__libcrux_ml_kem_vector_portable_vector_type_PortableVector(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( 
&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); 
uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; 
@@ -3040,45 +2641,45 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[4U]; memcpy( uu____2, re_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } -static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - out = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + out = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( &self->coefficients[i0], &rhs->coefficients[i0], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], 
@@ -3097,84 +2698,87 @@ ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } -static libcrux_ml_kem_vector_portable_PortableVector -to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v) { - return 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +to_standard_domain__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( - self->coefficients[j]); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + 
to_standard_domain__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + self->coefficients[j]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + 
ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; 
@@ -3182,32 +2786,33 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static 
libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); 
@@ -3218,64 +2823,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____3, domain_separator) .fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[4U]; memcpy( uu____4, t_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[4U]; memcpy( uu____5, secret_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( uu____5, secret_key_serialized); uint8_t uu____6[1536U]; memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); @@ -3356,7 +2961,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, 
@@ -3369,7 +2974,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); 
@@ -3410,15 +3015,16 @@ entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_ } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3431,9 +3037,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -3441,17 +3047,18 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; 
@@ -3465,26 +3072,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[4U]; memcpy( uu____2, error_1, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } 
@@ -3499,15 +3106,15 @@ static inline void PRF___4size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - 
@@ -3520,15 +3127,15 @@ invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - 
@@ -3537,41 +3144,42 @@ invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re->coefficients[round] = uu____0;); } -static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_portable_PortableVector a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( +static inline __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector b, + int16_t zeta_r) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( b, &a); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( + b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( a_minus_b, zeta_r); return (CLITERAL( - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .fst = a, .snd = b}); } static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -3585,14 +3193,14 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R [zeta_i[0U]]); - libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } 
@@ -3600,78 +3208,81 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + 
poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; 
@@ -3679,168 +3290,179 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static libcrux_ml_kem_vector_portable_PortableVector -decompress_1__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(), +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +decompress_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(), &v), (int16_t)1665); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = 
ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - decompress_1__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + decompress_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &message->coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( tmp0); result.coefficients[i0] = uu____0; } return result; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector 
*message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___10int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); + int16_t 
uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___10int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___10int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___10int32_t(v); } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___11int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___11int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___11int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___11int32_t(v); } static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; 
for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___11int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)352U, serialized, 
@@ -3856,19 +3478,19 @@ compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352siz } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( + compress_then_serialize_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector_352size_t( re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[4U], Eurydice_slice out) { for ( 
@@ -3877,13 +3499,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -3892,7 +3514,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t_352size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -3901,37 +3523,40 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t } } -static inline libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___4int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___4int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___4int32_t(v); } static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___4int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( 
re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, 
@@ -3945,37 +3570,40 @@ compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( } } -static inline libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___5int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___5int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___5int32_t(v); } static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficients = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = compress___5int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( 
re.coefficients[i0])); uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( coefficients, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, 
@@ -3990,102 +3618,102 @@ compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector(re, - out); + compress_then_serialize_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re, out); } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)1536U, uint8_t, size_t, 
Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, 
prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[4U]; memcpy( error_1, uu____3.fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___4size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[4U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + 
compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1408size_t_11size_t_352size_t( uu____5, Eurydice_array_to_subslice( (size_t)1568U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t_160size_t( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -4105,7 +3733,7 @@ kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_156 } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -4151,7 +3779,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4170,9 +3798,9 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4185,17 +3813,17 @@ decompress_ciphertext_coefficient___10int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___10int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___10int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; 
@@ -4206,19 +3834,19 @@ deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)20U, .end = i0 * (size_t)20U + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4231,17 +3859,17 @@ decompress_ciphertext_coefficient___11int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___11int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___11int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; 
@@ -4252,56 +3880,61 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)22U, .end = i0 * (size_t)22U + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_11size_t( uint8_t *ciphertext, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, 
@@ -4322,24 +3955,24 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4352,17 +3985,17 @@ decompress_ciphertext_coefficient___4int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___4int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___4int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { 
@@ -4372,19 +4005,19 @@ deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4397,17 +4030,17 @@ decompress_ciphertext_coefficient___5int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___5int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___5int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; 
@@ -4418,33 +4051,33 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)10U, .end = i0 * (size_t)10U + (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( bytes); re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector uu____1 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector 
-deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -4455,8 +4088,8 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_Portabl (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( bytes); re.coefficients[i0] = uu____0; } 
@@ -4464,15 +4097,16 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_Portabl } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4485,9 +4119,9 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( secret_bytes); secret_as_ntt[i0] = uu____0; } 
@@ -4495,70 +4129,75 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( ret, secret_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( self->coefficients[i0], &coefficient_normal_form)); b.coefficients[i0] = uu____0; } return b; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector 
coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re.coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - coefficient); + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + coefficient); uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)32U, serialized, 
@@ -4573,27 +4212,27 @@ compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_11size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4607,7 +4246,7 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { 
@@ -4632,7 +4271,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( @@ -4673,7 +4312,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( 
@@ -4702,15 +4341,16 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1184size_t_3size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4723,9 +4363,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -4733,12 +4373,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector key[3U], uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4748,13 +4388,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1152U, out, 
@@ -4764,7 +4404,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4775,8 +4415,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U], Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; 
@@ -4785,15 +4425,15 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[3U]; memcpy( uu____1, t_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -4807,23 +4447,23 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1184size_t_3size_t( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[3U]; memcpy( uu____0, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), 
@@ -4841,19 +4481,20 @@ static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____3size_t_s { @@ -4900,7 +4541,7 @@ static inline void shake128_squeeze_three_blocks___3size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_504size_t( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( 
@@ -4916,7 +4557,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -4954,7 +4595,7 @@ static inline void shake128_squeeze_block___3size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_168size_t( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -4970,7 +4611,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], 
@@ -4994,10 +4635,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -5006,9 +4647,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; 
@@ -5020,7 +4661,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { 
@@ -5031,36 +4672,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[3U][272U]; memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U][3U]) { - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; @@ -5073,9 +4714,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uu____1, sampled); for ( size_t i = (size_t)0U; 
@@ -5083,13 +4724,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; 
@@ -5101,16 +4742,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[3U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t; static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { 
@@ -5125,14 +4766,15 @@ static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; 
@@ -5146,84 +4788,86 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } static inline void 
-add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( 
*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; 
@@ -5231,32 +4875,33 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static 
libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); 
@@ -5267,64 +4912,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____3, domain_separator) .fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[3U]; memcpy( uu____4, t_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[3U]; memcpy( uu____5, secret_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( uu____5, secret_key_serialized); uint8_t uu____6[1152U]; memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5405,7 +5050,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, 
@@ -5418,7 +5063,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); 
@@ -5459,15 +5104,16 @@ entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_ } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5480,9 +5126,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -5490,17 +5136,18 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; 
@@ -5514,26 +5161,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[3U]; memcpy( uu____2, error_1, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } 
@@ -5548,58 +5195,60 @@ static inline void PRF___3size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + 
poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; 
@@ -5607,74 +5256,77 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], 
&r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___10int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)320U, serialized, @@ -5690,19 +5342,19 @@ compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320siz } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( + compress_then_serialize_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector_320size_t( re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[3U], Eurydice_slice out) { for ( 
@@ -5711,13 +5363,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -5726,7 +5378,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -5736,102 +5388,102 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector(re, - out); + compress_then_serialize_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re, out); } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)1152U, uint8_t, size_t, 
Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, 
prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[3U]; memcpy( error_1, uu____3.fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___3size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[3U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + 
compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_960size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)1088U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -5851,7 +5503,7 @@ kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_108 } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -5897,7 +5549,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); 
@@ -5916,46 +5568,51 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_10size_t( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, 
@@ -5976,42 +5633,43 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( + 
deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6024,9 +5682,9 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( secret_bytes); secret_as_ntt[i0] = uu____0; } 
@@ -6034,55 +5692,58 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( ret, secret_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - 
&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_10size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6096,7 +5757,7 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = @@ -6120,7 +5781,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( 
@@ -6161,7 +5822,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( 
@@ -6190,15 +5851,16 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_800size_t_2size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6211,9 +5873,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -6221,12 +5883,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector key[2U], uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6236,13 +5898,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)768U, out, 
@@ -6252,7 +5914,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -6263,8 +5925,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U], Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; 
@@ -6273,15 +5935,15 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[2U]; memcpy( uu____1, t_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -6295,23 +5957,23 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_800size_t_2size_t( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[2U]; memcpy( uu____0, deserialized_pk, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), 
@@ -6329,19 +5991,20 @@ static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____2size_t_s { @@ -6388,7 +6051,7 @@ static inline void shake128_squeeze_three_blocks___2size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_504size_t( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( 
@@ -6404,7 +6067,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -6442,7 +6105,7 @@ static inline void shake128_squeeze_block___2size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_168size_t( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6458,7 +6121,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], 
@@ -6482,10 +6145,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -6494,9 +6157,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; 
@@ -6508,7 +6171,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { 
@@ -6519,36 +6182,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[2U][272U]; memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U][2U]) { - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; @@ -6561,9 +6224,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uu____1, sampled); for ( size_t i = (size_t)0U; 
@@ -6571,13 +6234,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; 
@@ -6589,16 +6252,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[2U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t; static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { 
@@ -6613,25 +6276,26 @@ static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( randomness); return uu____0; } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - 
re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; 
@@ -6645,84 +6309,86 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } static inline void 
-add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( 
*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; 
@@ -6730,32 +6396,33 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static 
libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); 
@@ -6766,64 +6433,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____3, domain_separator) .fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[2U]; memcpy( uu____4, t_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[2U]; memcpy( uu____5, secret_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( uu____5, secret_key_serialized); uint8_t uu____6[768U]; memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); @@ -6904,7 +6571,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, 
@@ -6917,7 +6584,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); 
@@ -6958,15 +6625,16 @@ entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_ } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6979,9 +6647,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -6989,7 +6657,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], @@ -7005,14 +6673,15 @@ static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; 
@@ -7026,26 +6695,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } 
@@ -7060,58 +6729,60 @@ static inline void PRF___2size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + 
poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; 
@@ -7119,62 +6790,65 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], 
&r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[2U], Eurydice_slice out) { for ( 
@@ -7183,13 +6857,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -7198,7 +6872,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -7208,93 +6882,93 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; 
libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( uu____2, domain_separator0); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[2U]; memcpy( error_1, uu____3.fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___2size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[2U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + 
deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_640size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)768U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( uu____6, Eurydice_array_to_subslice_from((size_t)768U, 
ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -7314,7 +6988,7 @@ kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768 } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -7360,7 +7034,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); 
@@ -7380,15 +7054,16 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_10size_t( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, 
@@ -7409,31 +7084,32 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, 
+ secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7446,9 +7122,9 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( secret_bytes); secret_as_ntt[i0] = uu____0; } 
@@ -7456,55 +7132,58 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( ret, secret_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - 
&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_10size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -7518,7 +7197,7 @@ static inline void PRF___2size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { @@ -7543,7 +7222,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( 
@@ -7584,7 +7263,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 7d4843f6c..7161ffacf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem_portable_H 
@@ -27,288 +27,306 @@ extern "C" { #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - -typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_PortableVector; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero(void); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO( void); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice array); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_multiply_by_constant( 
- libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R \ - ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); +int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value); -int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, - int16_t fer); +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t r); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -uint8_t 
libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); +uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_compress_1( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, - uint32_t value); +uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value); -int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( +int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector 
a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); typedef struct K___int16_t_int16_t_s { int16_t fst; int16_t snd; } K___int16_t_int16_t; -K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( +K___int16_t_int16_t libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t 
zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -void libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector 
a, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector 
v, + uint8_t ret[24U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( Eurydice_slice a); -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, - Eurydice_slice result); +size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( + Eurydice_slice a, Eurydice_slice result); size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( Eurydice_slice a, Eurydice_slice out); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___clone( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *self); typedef struct - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_s { - libcrux_ml_kem_vector_portable_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 21f3d5702..3f2613c81 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 9f8d2d177..3c4230c09 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -1,2036 +1,111 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -static inline core_core_arch_x86___m256i zero(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static inline core_core_arch_x86___m256i _veor5q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)1, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)63, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vrax1q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return 
libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_x86___m256i rotate_left1_and_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_x86___m256i _vbcaxq_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i and_not_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_x86___m256i _veorq_n_u64( - core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -static inline core_core_arch_x86___m256i xor_constant( - core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - a[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - a[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = Eurydice_slice_subslice(a[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; - lit.fst[0U] = 
out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -new__core_core_arch_x86___m256i_4size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + 
(size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % 
(size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - 
load_block___136size_t(uu____0, uu____1); -} - -static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)41, x, 
core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)23, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)18, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)46, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static 
inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)10, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)54, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)45, x, core_core_arch_x86___m256i); - return 
libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)19, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)6, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)58, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i 
a, core_core_arch_x86___m256i b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)15, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)49, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)55, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)9, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i)); -} - -static inline 
core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static 
inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)27, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)37, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( 
- core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)14, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - 
(int32_t)50, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_x86___m256i uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_x86___m256i uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_x86___m256i uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_x86___m256i c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____4, uu____5, 
uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i uu____22 = - 
xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - 
s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_x86___m256i uu____0 = and_not_xor( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - size_t i) { - core_core_arch_x86___m256i uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho__core_core_arch_x86___m256i_4size_t(s); - pi__core_core_arch_x86___m256i_4size_t(s); - chi__core_core_arch_x86___m256i_4size_t(s); - iota__core_core_arch_x86___m256i_4size_t(s, i0); - } -} - -static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice 
blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline void load_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - 
(uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - 
libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; +inline void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - 
Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * 
((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, 
Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = { - uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - uint8_t ret0[4U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, 
uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = new__core_core_arch_x86___m256i_4size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); - 
core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} 
+ +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - return new__core_core_arch_x86___m256i_4size_t(); -} - -static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % 
(size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], 
- (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, 
(size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - 
Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - 
uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + 
(size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___168size_t0(s->st, out); + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, 
Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL 
abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - s, buf); +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + 
core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 3f123391e..9ef69a0a4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_avx2_H 
@@ -15,38 +15,32 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; +#include "libcrux_sha3_neon.h" void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, 
Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 8c78b4214..df62eb1e3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h index 4627e4a1d..818e0acac 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h +++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_libcrux_ml_kem_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index d2967a194..667d7904c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -1,187 +1,2887 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - 
Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 +static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t rotate_left1_and_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t and_not_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veorq_n_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor_constant( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor0( + 
core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static inline void slice_2(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = Eurydice_slice_subslice(a[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_n(Eurydice_slice 
a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + 
core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + 
core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t(uu____0, uu____1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + 
uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___3int32_t_61int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, 
core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t 
b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t 
+_vxarq_u64___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, 
core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + 
uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, 
core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t 
+rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return 
_vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___20int32_t_44int32_t( + 
core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline 
core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + 
s->st[4U][3U]); + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + 
xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + 
core_core_arch_arm_shared_neon_uint64x2_t uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_arm_shared_neon_uint64x2_t uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_arm_shared_neon_uint64x2_t uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_arm_shared_neon_uint64x2_t uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_arm_shared_neon_uint64x2_t uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_arm_shared_neon_uint64x2_t[5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( + i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + size_t i) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); + } +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void 
load_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___72size_t(uu____0, buf); +} + +static inline void load_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t 
(*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + 
uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___72size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___72size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + 
core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___72size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___72size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void 
+keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o0); + 
core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + s, o1); + } + } +} + +static inline void keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___72size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + 
libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t 
blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / 
(size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = 
core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice 
out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + 
core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___136size_t_6uint8_t(uu____0, buf); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t 
blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, 
core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void 
keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2___136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - 
KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); +} + +static inline void load_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + 
core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block_full___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___168size_t(uu____0, buf); +} + +static inline void load_block_full___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1) { + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % 
(size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} 
+ +static inline void store_block___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___168size_t0(s->st, out); +} + +static inline void +squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + 
memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o1); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o2); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void load_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t 
uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + 
core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___144size_t(uu____0, buf); +} + +static inline void load_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, 
blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - 
(size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___144size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + 
memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___144size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___144size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___144size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + 
absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + s, o1); + } + } +} + +static inline void keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + 
memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___144size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___104size_t(uu____0, buf); +} + +static inline void load_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; 
+ memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + 
libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t 
ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___104size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___104size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___104size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___104size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice 
ret[2U]; + slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)104U); + Eurydice_slice o[2U]; + 
memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + s, o1); + } + } +} + +static inline void keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___104size_t_6uint8_t(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 0450e6907..f8b0db637 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_neon_H @@ -17,6 +17,11 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); 
@@ -24,24 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); From e6b639793a15d34ce0c24472cf6ae9e3c23ab94b Mon Sep 17 00:00:00 2001 
From: karthikbhargavan
Date: Thu, 27 Jun 2024 09:31:54 +0200
Subject: [PATCH 7/7] refreshed c code from avx2 machine
---
 libcrux-ml-kem/c/code_gen.txt | 4 +-
 libcrux-ml-kem/c/internal/libcrux_core.h | 55 +-
 .../c/internal/libcrux_mlkem_avx2.h | 6 +-
 .../c/internal/libcrux_mlkem_portable.h | 6 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +-
 .../c/internal/libcrux_sha3_internal.h | 6 +-
 libcrux-ml-kem/c/libcrux_core.c | 48 +-
 libcrux-ml-kem/c/libcrux_core.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 10 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c | 521 ++-
 libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +-
 libcrux-ml-kem/c/libcrux_sha3.h | 6 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2119 +++++++++++-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h | 38 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +-
 .../c/libcrux_sha3_libcrux_ml_kem.h | 6 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c | 3038 +----------------
 libcrux-ml-kem/c/libcrux_sha3_neon.h | 32 +-
 34 files changed, 2923 insertions(+), 3096 deletions(-)
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 43e3c72b6..48604c8bf 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,5 +1,5 @@ This code was generated with the following tools: Charon: ae55966c01a1a4b185a1a34da7861ba5db74c8ad Eurydice: bbfd102bbfbc3e4c362953f093dbfd65e2fbc10c -Karamel: 018dcd1d71f37472c517822aa6bd275263a6dcaa -F*: 0e2a116da266fbe1dbb81b414002d0afac6819b3 +Karamel: 42a431696cd32d41155d7e484720eb71fd5dc7b1 +F*: f09228ef9a64ac4ef383ee0e10656ccb612db2ee diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index c17768e9b..d0fde74d7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_core_H @@ -23,7 +23,7 @@ extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) 
@@ -177,6 +177,45 @@ void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); +typedef struct + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]); + +typedef struct + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]); + +typedef struct + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]); + typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; 
@@ -196,10 +235,10 @@ void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_arr int16_t ret[16U]); typedef struct - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 8b193ff94..24d4a429d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 26297a0f9..0662c723b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_mlkem_portable_H 
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index ca52d7867..01c4ca99c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 0363128b2..8e4e0d5a5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index cc1359abb..89b41da15 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "internal/libcrux_core.h" 
@@ -338,6 +338,48 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, int16_t ret[16U]) { diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 8bccd9104..8479cc61a 100644 
--- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 035bc1287..aecc7ff99 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 7c0b024d5..79a0ba4a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 4e5ffff3a..6e1f7cf1b 100644 
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 0676f1b45..e251029d2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1cc43ae7e..8f0c49a3c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem1024_portable_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 7277f70d8..e124f3c61 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index f3462da05..30b6b8577 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 929a9bad8..9568c423b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem512_avx2_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 6f4c9236d..a1cd60442 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 6aa5da039..f2b28a543 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 7dab3285d..628dcfd94 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 7e65fa6c6..8711236f3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 79eb5fc83..4cfb0e522 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index e0102fe71..06c10258e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c 
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ec7de6074..9b34ba945 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index c767b1b13..6a91b8914 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "internal/libcrux_mlkem_avx2.h" 
@@ -618,10 +618,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)1 << 15U, (int16_t)1 << 8U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)1 << 15U); + (int16_t)-32768); core_core_arch_x86___m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); return libcrux_intrinsics_avx2_mm256_srli_epi16( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 024a0801f..c5d6f33e3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 1c2f4d186..3be04989a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -44,6 +44,521 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 
255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 
255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 
7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 
255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 
255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 
255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 
3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 
255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 
255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 
255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 7161ffacf..6d65ad32f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem_portable_H 
@@ -27,6 +27,10 @@ extern "C" { #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 3f2613c81..06eaedd42 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 3c4230c09..10b22fbaa 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -1,111 +1,2036 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -inline void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; +static inline core_core_arch_x86___m256i zero(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static inline core_core_arch_x86___m256i _veor5q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)1, x, 
core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)63, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vrax1q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_x86___m256i rotate_left1_and_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_x86___m256i _vbcaxq_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i and_not_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_x86___m256i _veorq_n_u64( + core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +static inline core_core_arch_x86___m256i xor_constant( + core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice 
uu____1 = Eurydice_slice_subslice( + a[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + a[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = Eurydice_slice_subslice(a[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_n(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +new__core_core_arch_x86___m256i_4size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = 
(size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + 
libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + 
(size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 
= + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( + 
core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)41, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)23, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)18, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)46, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + 
core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)10, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)54, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)45, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)19, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)6, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)58, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i)); +} + +static inline 
core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)15, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)49, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static 
inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)55, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)9, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( + 
core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + 
(int32_t)8, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)27, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)37, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, 
b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline 
core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)14, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)50, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_x86___m256i uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_x86___m256i uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_x86___m256i uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_x86___m256i c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i 
uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + 
core_core_arch_x86___m256i uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], 
void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_x86___m256i uu____0 = and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + size_t i) { + core_core_arch_x86___m256i uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_x86___m256i_4size_t(s); + pi__core_core_arch_x86___m256i_4size_t(s); + 
chi__core_core_arch_x86___m256i_4size_t(s); + iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + +static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + 
(size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - 
core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + 
(CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, 
Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = { + uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); + 
memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + uint8_t ret0[4U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s, + Eurydice_slice out[4U]) { + 
keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = new__core_core_arch_x86___m256i_4size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) 
{ + squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t 
libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, - Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - 
core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new__core_core_arch_x86___m256i_4size_t(); +} + +static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + 
core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + 
Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( 
+ (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___168size_t(uu____0, buf); +} + +static inline void load_block_full___168size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); } inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - 
libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3) { + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * 
i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + 
Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, 
+ .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___168size_t(a, b); +} + 
+static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___168size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); +} + +void 
libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 9ef69a0a4..b6697bbc7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_avx2_H 
@@ -15,32 +15,38 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_sha3_internal.h" + +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState4; - -libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, - Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, 
Eurydice_slice out3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index df62eb1e3..a32d29910 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h index 818e0acac..999552630 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h +++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_libcrux_ml_kem_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 667d7904c..290cc562b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -1,2887 +1,187 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" -static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, 
libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t rotate_left1_and_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t and_not_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _veorq_n_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor_constant( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor0( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static inline void slice_2(Eurydice_slice a[2U], size_t start, size_t 
len, - Eurydice_slice ret[2U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = Eurydice_slice_subslice(a[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[2U], size_t start, size_t len, - Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_n(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t 
-new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / 
(size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t 
uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___72size_t(uu____0, uu____1); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___36int32_t_28int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t 
-_vxarq_u64___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___3int32_t_61int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___41int32_t_23int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, 
core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___18int32_t_46int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___1int32_t_63int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - 
-static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___44int32_t_20int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___10int32_t_54int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - 
libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___45int32_t_19int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___2int32_t_62int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - 
core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___62int32_t_2int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___6int32_t_58int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t 
-_vxarq_u64___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___43int32_t_21int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___15int32_t_49int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, 
core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___61int32_t_3int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___28int32_t_36int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t); - return 
libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___55int32_t_9int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___25int32_t_39int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( 
- (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___21int32_t_43int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___56int32_t_8int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___27int32_t_37int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___20int32_t_44int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t 
-rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___39int32_t_25int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___8int32_t_56int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return 
_vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___14int32_t_50int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; 
- core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - 
core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_arm_shared_neon_uint64x2_t uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_arm_shared_neon_uint64x2_t uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - 
s->st[1U][4U] = uu____29; - core_core_arch_arm_shared_neon_uint64x2_t uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_arm_shared_neon_uint64x2_t uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_arm_shared_neon_uint64x2_t uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_arm_shared_neon_uint64x2_t[5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; 
KRML_MAYBE_FOR5( - i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - size_t i) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void -keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); - } -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___72size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, 
Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___72size_t(uu____0, buf); -} - -static inline void load_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___72size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___72size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] 
- [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - 
(size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___72size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___72size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - 
-static inline void store_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___72size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___72size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / 
(size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if 
(core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - s, o1); - } - } -} - -static inline void keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___72size_t_6uint8_t(uu____0, buf); -} - -static inline void load_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - 
libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - 
(CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline 
void load_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - 
libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = 
(size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0( - 
core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, 
core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - s, o1); - } - } -} - -static inline void keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___136size_t_6uint8_t(uu____0, buf); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if 
(blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - s, o1); - } - } -} - -static inline void keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, 
Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2___136size_t_31uint8_t(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, 
Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); -} - -static inline void load_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - 
libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - 
core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice data0, 
Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, 
Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___168size_t0(s->st, out); -} - -static inline void 
-squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o0); - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o1); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, buf); -} - -static inline void load_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - 
core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - 
blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___144size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___144size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___144size_t(uu____0, buf); -} - 
-static inline void load_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___144size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___144size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - 
libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = 
(size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___144size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___144size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___144size_t0( - 
core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___144size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___144size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, 
core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - s, o1); - } - } -} - -static inline void keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - uu____0, out); + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + 
core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void 
libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___144size_t_6uint8_t(uu____0, buf); -} - -static inline void load_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = 
((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___104size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___104size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___104size_t(uu____0, buf); -} - -static inline void load_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___104size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = 
- (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___104size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = 
Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___104size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * 
sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___104size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___104size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___104size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___104size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___104size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 
= i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - 
squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - s, o1); - } - } -} - -static inline void keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - uu____0, out); + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 
= + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___104size_t_6uint8_t(uu____0, buf); + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f8b0db637..519ed63a4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_neon_H @@ -17,11 +17,6 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); 
@@ -29,23 +24,24 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState2; + +libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice data0, Eurydice_slice data1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data);