diff --git a/benchmarks/kyber.cc b/benchmarks/kyber.cc index af6791e9..50e16108 100644 --- a/benchmarks/kyber.cc +++ b/benchmarks/kyber.cc @@ -19,7 +19,7 @@ kyber768_key_generation(benchmark::State& state) uint8_t secret_key[KYBER768_SECRETKEYBYTES]; for (auto _ : state) { - Libcrux_Kyber768_GenerateKeyPair(public_key, secret_key, randomness); + Libcrux_Kyber768_GenerateKeyPair(public_key, secret_key, randomness); } } @@ -38,8 +38,8 @@ kyber768_encapsulation(benchmark::State& state) Libcrux_Kyber768_GenerateKeyPair(public_key, secret_key, randomness); for (auto _ : state) { - Libcrux_Kyber768_Encapsulate( - ciphertext, sharedSecret, &public_key, randomness); + Libcrux_Kyber768_Encapsulate( + ciphertext, sharedSecret, &public_key, randomness); } } @@ -62,7 +62,7 @@ kyber768_decapsulation(benchmark::State& state) ciphertext, sharedSecret, &public_key, randomness); for (auto _ : state) { - Libcrux_Kyber768_Decapsulate(sharedSecret, &ciphertext, &secret_key); + Libcrux_Kyber768_Decapsulate(sharedSecret, &ciphertext, &secret_key); } } diff --git a/libcrux/include/Eurydice.h b/libcrux/include/Eurydice.h index a0b7bdd9..d86dcc05 100644 --- a/libcrux/include/Eurydice.h +++ b/libcrux/include/Eurydice.h @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice ../libcrux_kyber.llbc F* version: d0aa54cf - KaRaMeL version: b329675d + KaRaMeL version: 8e0595bd */ #ifndef __Eurydice_H diff --git a/libcrux/include/libcrux_kyber.h b/libcrux/include/libcrux_kyber.h index 95223555..e0050d85 100644 --- a/libcrux/include/libcrux_kyber.h +++ b/libcrux/include/libcrux_kyber.h @@ -1,8 +1,7 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice ../libcrux_kyber.llbc - F* version: d0aa54cf - KaRaMeL version: b329675d + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice + ../libcrux_kyber.llbc F* version: d0aa54cf KaRaMeL version: 8e0595bd */ #ifndef __libcrux_kyber_H 
@@ -33,7 +32,9 @@ extern const uint8_t libcrux_kyber_arithmetic_MONTGOMERY_SHIFT; extern const int32_t libcrux_kyber_arithmetic_MONTGOMERY_R; -uint32_t libcrux_kyber_arithmetic_get_n_least_significant_bits(uint8_t n, uint32_t value); +uint32_t +libcrux_kyber_arithmetic_get_n_least_significant_bits(uint8_t n, + uint32_t value); extern const int64_t libcrux_kyber_arithmetic_BARRETT_SHIFT; 
@@ -41,33 +42,40 @@ extern const int64_t libcrux_kyber_arithmetic_BARRETT_R; extern const int64_t libcrux_kyber_arithmetic_BARRETT_MULTIPLIER; -static inline int64_t core_convert_num__i64_59__from(int32_t x0); +static inline int64_t +core_convert_num__i64_59__from(int32_t x0); -int32_t libcrux_kyber_arithmetic_barrett_reduce(int32_t value); +int32_t +libcrux_kyber_arithmetic_barrett_reduce(int32_t value); extern const uint32_t libcrux_kyber_arithmetic_INVERSE_OF_MODULUS_MOD_R; -int32_t libcrux_kyber_arithmetic_montgomery_reduce(int32_t value); +int32_t +libcrux_kyber_arithmetic_montgomery_reduce(int32_t value); -int32_t libcrux_kyber_arithmetic_montgomery_multiply_sfe_by_fer(int32_t fe, int32_t fer); +int32_t +libcrux_kyber_arithmetic_montgomery_multiply_sfe_by_fer(int32_t fe, + int32_t fer); -extern const int32_t libcrux_kyber_arithmetic_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS; +extern const int32_t + libcrux_kyber_arithmetic_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS; -int32_t libcrux_kyber_arithmetic_to_standard_domain(int32_t mfe); +int32_t +libcrux_kyber_arithmetic_to_standard_domain(int32_t mfe); -uint16_t libcrux_kyber_arithmetic_to_unsigned_representative(int32_t fe); +uint16_t +libcrux_kyber_arithmetic_to_unsigned_representative(int32_t fe); typedef int32_t libcrux_kyber_arithmetic_PolynomialRingElement[256U]; void -libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement_1__clone( - int32_t (*self)[256U], - int32_t ret[256U] -); + libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement_1__clone( + int32_t (*self)[256U], + int32_t ret[256U]); -extern const -int32_t -libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO[256U]; +extern const int32_t + libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO + [256U]; #define core_cmp_Less 0 #define core_cmp_Equal 1 
@@ -84,15 +92,13 @@ typedef struct core_option_Option__size_t_s { core_option_Option__size_t_tags tag; size_t f0; -} -core_option_Option__size_t; +} core_option_Option__size_t; typedef struct K___size_t_core_option_Option_size_t_s { size_t fst; core_option_Option__size_t snd; -} -K___size_t_core_option_Option_size_t; +} K___size_t_core_option_Option_size_t; #define core_result_Ok 0 #define core_result_Err 1 
@@ -103,35 +109,40 @@ typedef struct core_result_Result_____core_num_nonzero_NonZeroUsize_s { core_result_Result_____core_num_nonzero_NonZeroUsize_tags tag; core_num_nonzero_NonZeroUsize f0; -} -core_result_Result_____core_num_nonzero_NonZeroUsize; +} core_result_Result_____core_num_nonzero_NonZeroUsize; -static inline size_t core_clone_impls__usize_5__clone(size_t *x0); +static inline size_t +core_clone_impls__usize_5__clone(size_t* x0); -static inline bool core_cmp_impls__usize_21__eq(size_t *x0, size_t *x1); +static inline bool +core_cmp_impls__usize_21__eq(size_t* x0, size_t* x1); -static inline bool core_cmp_impls__usize_21__ne(size_t *x0, size_t *x1); +static inline bool +core_cmp_impls__usize_21__ne(size_t* x0, size_t* x1); typedef struct core_option_Option__core_cmp_Ordering_s { core_option_Option__size_t_tags tag; core_cmp_Ordering f0; -} -core_option_Option__core_cmp_Ordering; +} core_option_Option__core_cmp_Ordering; static inline core_option_Option__core_cmp_Ordering -core_cmp_impls__usize_54__partial_cmp(size_t *x0, size_t *x1); +core_cmp_impls__usize_54__partial_cmp(size_t* x0, size_t* x1); -static inline bool core_cmp_impls__usize_54__lt(size_t *x0, size_t *x1); +static inline bool +core_cmp_impls__usize_54__lt(size_t* x0, size_t* x1); -static inline bool core_cmp_impls__usize_54__le(size_t *x0, size_t *x1); +static inline bool +core_cmp_impls__usize_54__le(size_t* x0, size_t* x1); -static inline bool core_cmp_impls__usize_54__ge(size_t *x0, size_t *x1); +static inline bool +core_cmp_impls__usize_54__ge(size_t* x0, size_t* x1); -static inline bool core_cmp_impls__usize_54__gt(size_t *x0, size_t *x1); +static inline bool +core_cmp_impls__usize_54__gt(size_t* x0, size_t* x1); static inline core_option_Option__size_t -core_iter_range__usize_37__steps_between(size_t *x0, size_t *x1); +core_iter_range__usize_37__steps_between(size_t* x0, size_t* x1); static inline core_option_Option__size_t core_iter_range__usize_37__forward_checked(size_t x0, size_t x1); 
@@ -139,101 +150,121 @@ core_iter_range__usize_37__forward_checked(size_t x0, size_t x1); static inline core_option_Option__size_t core_iter_range__usize_37__backward_checked(size_t x0, size_t x1); -static inline size_t core_iter_range__usize_37__forward_unchecked(size_t x0, size_t x1); +static inline size_t +core_iter_range__usize_37__forward_unchecked(size_t x0, size_t x1); -static inline size_t core_iter_range__usize_37__backward_unchecked(size_t x0, size_t x1); +static inline size_t +core_iter_range__usize_37__backward_unchecked(size_t x0, size_t x1); -static inline size_t core_iter_range__usize_37__forward(size_t x0, size_t x1); +static inline size_t +core_iter_range__usize_37__forward(size_t x0, size_t x1); -static inline size_t core_iter_range__usize_37__backward(size_t x0, size_t x1); +static inline size_t +core_iter_range__usize_37__backward(size_t x0, size_t x1); -uint8_t libcrux_kyber_compress_compress_message_coefficient(uint16_t fe); +uint8_t +libcrux_kyber_compress_compress_message_coefficient(uint16_t fe); int32_t -libcrux_kyber_compress_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe); +libcrux_kyber_compress_compress_ciphertext_coefficient(uint8_t coefficient_bits, + uint16_t fe); -int32_t libcrux_kyber_compress_decompress_message_coefficient(int32_t fe); +int32_t +libcrux_kyber_compress_decompress_message_coefficient(int32_t fe); int32_t -libcrux_kyber_compress_decompress_ciphertext_coefficient(uint8_t coefficient_bits, int32_t fe); +libcrux_kyber_compress_decompress_ciphertext_coefficient( + uint8_t coefficient_bits, + int32_t fe); -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); +static inline uint16_t +core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); -uint8_t libcrux_kyber_constant_time_ops_is_non_zero(uint8_t value); +uint8_t +libcrux_kyber_constant_time_ops_is_non_zero(uint8_t value); -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); +static inline 
uint8_t +core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); void libcrux_kyber_constant_time_ops_select_shared_secret_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, - uint8_t ret[32U] -); + uint8_t ret[32U]); -extern void libcrux_digest_sha3_512(Eurydice_slice x0, uint8_t x1[64U]); +extern void +libcrux_digest_sha3_512(Eurydice_slice x0, uint8_t x1[64U]); -void libcrux_kyber_hash_functions_G(Eurydice_slice input, uint8_t ret[64U]); +void +libcrux_kyber_hash_functions_G(Eurydice_slice input, uint8_t ret[64U]); -extern void libcrux_digest_sha3_256(Eurydice_slice x0, uint8_t x1[32U]); +extern void +libcrux_digest_sha3_256(Eurydice_slice x0, uint8_t x1[32U]); -void libcrux_kyber_hash_functions_H(Eurydice_slice input, uint8_t ret[32U]); +void +libcrux_kyber_hash_functions_H(Eurydice_slice input, uint8_t ret[32U]); -extern bool libcrux_platform_simd256_support(void); +extern bool +libcrux_platform_simd256_support(void); -static inline uint8_t core_clone_impls__u8_6__clone(uint8_t *x0); +static inline uint8_t +core_clone_impls__u8_6__clone(uint8_t* x0); typedef struct K___uint8_t_uint8_t_uint8_t_s { uint8_t fst; uint8_t snd; uint8_t thd; -} -K___uint8_t_uint8_t_uint8_t; +} K___uint8_t_uint8_t_uint8_t; K___uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_3(uint16_t coefficient1, uint16_t coefficient2); +libcrux_kyber_serialize_compress_coefficients_3(uint16_t coefficient1, + uint16_t coefficient2); void -libcrux_kyber_serialize_serialize_uncompressed_ring_element( - int32_t re[256U], - uint8_t ret[384U] -); +libcrux_kyber_serialize_serialize_uncompressed_ring_element(int32_t re[256U], + uint8_t ret[384U]); void libcrux_kyber_serialize_deserialize_to_uncompressed_ring_element( Eurydice_slice serialized, - int32_t ret[256U] -); + int32_t ret[256U]); static uint32_t core_num__u32_8__BITS; -static inline uint32_t core_clone_impls__u32_8__clone(uint32_t *x0); +static inline uint32_t +core_clone_impls__u32_8__clone(uint32_t* 
x0); -static inline bool core_cmp_impls__u32_24__eq(uint32_t *x0, uint32_t *x1); +static inline bool +core_cmp_impls__u32_24__eq(uint32_t* x0, uint32_t* x1); -static inline bool core_cmp_impls__u32_24__ne(uint32_t *x0, uint32_t *x1); +static inline bool +core_cmp_impls__u32_24__ne(uint32_t* x0, uint32_t* x1); static inline core_option_Option__core_cmp_Ordering -core_cmp_impls__u32_60__partial_cmp(uint32_t *x0, uint32_t *x1); +core_cmp_impls__u32_60__partial_cmp(uint32_t* x0, uint32_t* x1); -static inline bool core_cmp_impls__u32_60__lt(uint32_t *x0, uint32_t *x1); +static inline bool +core_cmp_impls__u32_60__lt(uint32_t* x0, uint32_t* x1); -static inline bool core_cmp_impls__u32_60__le(uint32_t *x0, uint32_t *x1); +static inline bool +core_cmp_impls__u32_60__le(uint32_t* x0, uint32_t* x1); -static inline bool core_cmp_impls__u32_60__ge(uint32_t *x0, uint32_t *x1); +static inline bool +core_cmp_impls__u32_60__ge(uint32_t* x0, uint32_t* x1); -static inline bool core_cmp_impls__u32_60__gt(uint32_t *x0, uint32_t *x1); +static inline bool +core_cmp_impls__u32_60__gt(uint32_t* x0, uint32_t* x1); static inline core_option_Option__size_t -core_iter_range__u32_33__steps_between(uint32_t *x0, uint32_t *x1); +core_iter_range__u32_33__steps_between(uint32_t* x0, uint32_t* x1); typedef struct core_option_Option__uint32_t_s { core_option_Option__size_t_tags tag; uint32_t f0; -} -core_option_Option__uint32_t; +} core_option_Option__uint32_t; static inline core_option_Option__uint32_t core_iter_range__u32_33__forward_checked(uint32_t x0, size_t x1); 
@@ -241,53 +272,61 @@ core_iter_range__u32_33__forward_checked(uint32_t x0, size_t x1); static inline core_option_Option__uint32_t core_iter_range__u32_33__backward_checked(uint32_t x0, size_t x1); -static inline uint32_t core_iter_range__u32_33__forward_unchecked(uint32_t x0, size_t x1); +static inline uint32_t +core_iter_range__u32_33__forward_unchecked(uint32_t x0, size_t x1); -static inline uint32_t core_iter_range__u32_33__backward_unchecked(uint32_t x0, size_t x1); +static inline uint32_t +core_iter_range__u32_33__backward_unchecked(uint32_t x0, size_t x1); -static inline uint32_t core_iter_range__u32_33__forward(uint32_t x0, size_t x1); +static inline uint32_t +core_iter_range__u32_33__forward(uint32_t x0, size_t x1); -static inline uint32_t core_iter_range__u32_33__backward(uint32_t x0, size_t x1); +static inline uint32_t +core_iter_range__u32_33__backward(uint32_t x0, size_t x1); typedef struct core_ops_range_Range__uint32_t_s { uint32_t start; uint32_t end; -} -core_ops_range_Range__uint32_t; +} core_ops_range_Range__uint32_t; void libcrux_kyber_sampling_sample_from_binomial_distribution_2( Eurydice_slice randomness, - int32_t ret[256U] -); + int32_t ret[256U]); -static inline int32_t core_clone_impls__i32_14__clone(int32_t *x0); +static inline int32_t +core_clone_impls__i32_14__clone(int32_t* x0); -static inline bool core_cmp_impls__i32_30__eq(int32_t *x0, int32_t *x1); +static inline bool +core_cmp_impls__i32_30__eq(int32_t* x0, int32_t* x1); -static inline bool core_cmp_impls__i32_30__ne(int32_t *x0, int32_t *x1); +static inline bool +core_cmp_impls__i32_30__ne(int32_t* x0, int32_t* x1); static inline core_option_Option__core_cmp_Ordering -core_cmp_impls__i32_72__partial_cmp(int32_t *x0, int32_t *x1); +core_cmp_impls__i32_72__partial_cmp(int32_t* x0, int32_t* x1); -static inline bool core_cmp_impls__i32_72__lt(int32_t *x0, int32_t *x1); +static inline bool +core_cmp_impls__i32_72__lt(int32_t* x0, int32_t* x1); -static inline bool 
core_cmp_impls__i32_72__le(int32_t *x0, int32_t *x1); +static inline bool +core_cmp_impls__i32_72__le(int32_t* x0, int32_t* x1); -static inline bool core_cmp_impls__i32_72__ge(int32_t *x0, int32_t *x1); +static inline bool +core_cmp_impls__i32_72__ge(int32_t* x0, int32_t* x1); -static inline bool core_cmp_impls__i32_72__gt(int32_t *x0, int32_t *x1); +static inline bool +core_cmp_impls__i32_72__gt(int32_t* x0, int32_t* x1); static inline core_option_Option__size_t -core_iter_range__i32_34__steps_between(int32_t *x0, int32_t *x1); +core_iter_range__i32_34__steps_between(int32_t* x0, int32_t* x1); typedef struct core_option_Option__int32_t_s { core_option_Option__size_t_tags tag; int32_t f0; -} -core_option_Option__int32_t; +} core_option_Option__int32_t; static inline core_option_Option__int32_t core_iter_range__i32_34__forward_checked(int32_t x0, size_t x1); 
@@ -295,80 +334,76 @@ core_iter_range__i32_34__forward_checked(int32_t x0, size_t x1); static inline core_option_Option__int32_t core_iter_range__i32_34__backward_checked(int32_t x0, size_t x1); -static inline int32_t core_iter_range__i32_34__forward_unchecked(int32_t x0, size_t x1); +static inline int32_t +core_iter_range__i32_34__forward_unchecked(int32_t x0, size_t x1); -static inline int32_t core_iter_range__i32_34__backward_unchecked(int32_t x0, size_t x1); +static inline int32_t +core_iter_range__i32_34__backward_unchecked(int32_t x0, size_t x1); -static inline int32_t core_iter_range__i32_34__forward(int32_t x0, size_t x1); +static inline int32_t +core_iter_range__i32_34__forward(int32_t x0, size_t x1); -static inline int32_t core_iter_range__i32_34__backward(int32_t x0, size_t x1); +static inline int32_t +core_iter_range__i32_34__backward(int32_t x0, size_t x1); typedef struct core_ops_range_Range__int32_t_s { int32_t start; int32_t end; -} -core_ops_range_Range__int32_t; +} core_ops_range_Range__int32_t; void libcrux_kyber_sampling_sample_from_binomial_distribution_3( Eurydice_slice randomness, - int32_t ret[256U] -); + int32_t ret[256U]); extern const int32_t libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[128U]; void -libcrux_kyber_ntt_ntt_at_layer( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - size_t initial_coefficient_bound, - int32_t ret[256U] -); +libcrux_kyber_ntt_ntt_at_layer(size_t* zeta_i, + int32_t re[256U], + size_t layer, + size_t initial_coefficient_bound, + int32_t ret[256U]); void -libcrux_kyber_ntt_ntt_at_layer_3( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - int32_t ret[256U] -); +libcrux_kyber_ntt_ntt_at_layer_3(size_t* zeta_i, + int32_t re[256U], + size_t layer, + int32_t ret[256U]); void -libcrux_kyber_ntt_ntt_binomially_sampled_ring_element(int32_t re[256U], int32_t ret[256U]); +libcrux_kyber_ntt_ntt_binomially_sampled_ring_element(int32_t re[256U], + int32_t ret[256U]); -void 
libcrux_kyber_sampling_rejection_sampling_panic_with_diagnostic(void); +void +libcrux_kyber_sampling_rejection_sampling_panic_with_diagnostic(void); typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; -} -core_option_Option__Eurydice_slice_uint8_t; +} core_option_Option__Eurydice_slice_uint8_t; void libcrux_kyber_sampling_sample_from_uniform_distribution( uint8_t randomness[840U], - int32_t ret[256U] -); + int32_t ret[256U]); typedef struct K___int32_t_int32_t_s { int32_t fst; int32_t snd; -} -K___int32_t_int32_t; +} K___int32_t_int32_t; K___int32_t_int32_t -libcrux_kyber_ntt_ntt_multiply_binomials( - K___int32_t_int32_t _, - K___int32_t_int32_t _0, - int32_t zeta -); +libcrux_kyber_ntt_ntt_multiply_binomials(K___int32_t_int32_t _, + K___int32_t_int32_t _0, + int32_t zeta); -void -libcrux_kyber_ntt_ntt_multiply(int32_t (*lhs)[256U], int32_t (*rhs)[256U], int32_t ret[256U]); +void libcrux_kyber_ntt_ntt_multiply(int32_t (*lhs)[256U], + int32_t (*rhs)[256U], + int32_t ret[256U]); typedef struct K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_s { @@ -377,19 +412,16 @@ typedef struct K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_s uint8_t thd; uint8_t f3; uint8_t f4; -} -K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t; +} K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t; K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_10( - int32_t coefficient1, - int32_t coefficient2, - int32_t coefficient3, - int32_t coefficient4 -); +libcrux_kyber_serialize_compress_coefficients_10(int32_t coefficient1, + int32_t coefficient2, + int32_t coefficient3, + int32_t coefficient4); typedef struct -K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_s + K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_s { uint8_t fst; uint8_t snd; 
@@ -402,46 +434,38 @@ K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint uint8_t f8; uint8_t f9; uint8_t f10; -} -K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t; +} K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t; K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_11( - int32_t coefficient1, - int32_t coefficient2, - int32_t coefficient3, - int32_t coefficient4, - int32_t coefficient5, - int32_t coefficient6, - int32_t coefficient7, - int32_t coefficient8 -); - -void -libcrux_kyber_ntt_invert_ntt_at_layer( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - int32_t ret[256U] -); +libcrux_kyber_serialize_compress_coefficients_11(int32_t coefficient1, + int32_t coefficient2, + int32_t coefficient3, + int32_t coefficient4, + int32_t coefficient5, + int32_t coefficient6, + int32_t coefficient7, + int32_t coefficient8); + +void +libcrux_kyber_ntt_invert_ntt_at_layer(size_t* zeta_i, + int32_t re[256U], + size_t layer, + int32_t ret[256U]); void libcrux_kyber_serialize_deserialize_then_decompress_message( uint8_t serialized[32U], - int32_t ret[256U] -); + int32_t ret[256U]); K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_5( - uint8_t coefficient2, - uint8_t coefficient1, - uint8_t coefficient4, - uint8_t coefficient3, - uint8_t coefficient5, - uint8_t coefficient7, - uint8_t coefficient6, - uint8_t coefficient8 -); +libcrux_kyber_serialize_compress_coefficients_5(uint8_t coefficient2, + uint8_t coefficient1, + uint8_t coefficient4, + uint8_t coefficient3, + uint8_t coefficient5, + uint8_t coefficient7, + uint8_t coefficient6, + uint8_t coefficient8); typedef struct K___int32_t_int32_t_int32_t_int32_t_s { 
@@ -449,25 +473,22 @@ typedef struct K___int32_t_int32_t_int32_t_int32_t_s int32_t snd; int32_t thd; int32_t f3; -} -K___int32_t_int32_t_int32_t_int32_t; +} K___int32_t_int32_t_int32_t_int32_t; K___int32_t_int32_t_int32_t_int32_t -libcrux_kyber_serialize_decompress_coefficients_10( - int32_t byte2, - int32_t byte1, - int32_t byte3, - int32_t byte4, - int32_t byte5 -); +libcrux_kyber_serialize_decompress_coefficients_10(int32_t byte2, + int32_t byte1, + int32_t byte3, + int32_t byte4, + int32_t byte5); void libcrux_kyber_serialize_deserialize_then_decompress_10( Eurydice_slice serialized, - int32_t ret[256U] -); + int32_t ret[256U]); -typedef struct K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_s +typedef struct + K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_s { int32_t fst; int32_t snd; 
@@ -477,67 +498,59 @@ typedef struct K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32 int32_t f5; int32_t f6; int32_t f7; -} -K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t; +} K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t; K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t -libcrux_kyber_serialize_decompress_coefficients_11( - int32_t byte2, - int32_t byte1, - int32_t byte3, - int32_t byte5, - int32_t byte4, - int32_t byte6, - int32_t byte7, - int32_t byte9, - int32_t byte8, - int32_t byte10, - int32_t byte11 -); +libcrux_kyber_serialize_decompress_coefficients_11(int32_t byte2, + int32_t byte1, + int32_t byte3, + int32_t byte5, + int32_t byte4, + int32_t byte6, + int32_t byte7, + int32_t byte9, + int32_t byte8, + int32_t byte10, + int32_t byte11); void libcrux_kyber_serialize_deserialize_then_decompress_11( Eurydice_slice serialized, - int32_t ret[256U] -); + int32_t ret[256U]); void -libcrux_kyber_ntt_ntt_at_layer_3328( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - int32_t ret[256U] -); +libcrux_kyber_ntt_ntt_at_layer_3328(size_t* zeta_i, + int32_t re[256U], + size_t layer, + int32_t ret[256U]); -static inline uint8_t core_ops_bit__u8_29__bitand(uint8_t x0, uint8_t x1); +static inline uint8_t +core_ops_bit__u8_29__bitand(uint8_t x0, uint8_t x1); -static inline uint8_t core_ops_bit__u8_791__shr(uint8_t x0, int32_t x1); +static inline uint8_t +core_ops_bit__u8_791__shr(uint8_t x0, int32_t x1); -K___int32_t_int32_t libcrux_kyber_serialize_decompress_coefficients_4(uint8_t *byte); +K___int32_t_int32_t +libcrux_kyber_serialize_decompress_coefficients_4(uint8_t* byte); void -libcrux_kyber_serialize_deserialize_then_decompress_4( - Eurydice_slice serialized, - int32_t ret[256U] -); +libcrux_kyber_serialize_deserialize_then_decompress_4(Eurydice_slice serialized, + int32_t ret[256U]); K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t 
-libcrux_kyber_serialize_decompress_coefficients_5( - int32_t byte1, - int32_t byte2, - int32_t byte3, - int32_t byte4, - int32_t byte5 -); +libcrux_kyber_serialize_decompress_coefficients_5(int32_t byte1, + int32_t byte2, + int32_t byte3, + int32_t byte4, + int32_t byte5); void -libcrux_kyber_serialize_deserialize_then_decompress_5( - Eurydice_slice serialized, - int32_t ret[256U] -); +libcrux_kyber_serialize_deserialize_then_decompress_5(Eurydice_slice serialized, + int32_t ret[256U]); void -libcrux_kyber_serialize_compress_then_serialize_message(int32_t re[256U], uint8_t ret[32U]); +libcrux_kyber_serialize_compress_then_serialize_message(int32_t re[256U], + uint8_t ret[32U]); extern const size_t libcrux_kyber_kyber768_RANK_768; 
@@ -574,104 +587,94 @@ extern const size_t libcrux_kyber_kyber768_ETA2_RANDOMNESS_SIZE; extern const size_t libcrux_kyber_kyber768_IMPLICIT_REJECTION_HASH_INPUT_SIZE; void -libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], uint8_t ret[3U][840U]); +libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], + uint8_t ret[3U][840U]); void -libcrux_kyber_matrix_sample_matrix_A___3size_t( - uint8_t seed[34U], - bool transpose, - int32_t ret[3U][3U][256U] -); +libcrux_kyber_matrix_sample_matrix_A___3size_t(uint8_t seed[34U], + bool transpose, + int32_t ret[3U][3U][256U]); void -libcrux_kyber_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); +libcrux_kyber_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]); void -libcrux_kyber_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); +libcrux_kyber_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]); -void libcrux_kyber_hash_functions_PRF___128size_t(Eurydice_slice input, uint8_t ret[128U]); +void +libcrux_kyber_hash_functions_PRF___128size_t(Eurydice_slice input, + uint8_t ret[128U]); void libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t( Eurydice_slice randomness, - int32_t ret[256U] -); + int32_t ret[256U]); -typedef struct K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t_s +typedef struct + K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t_s { int32_t fst[3U][256U]; uint8_t snd; -} -K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t; +} K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t; K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t( uint8_t prf_input[33U], - uint8_t domain_separator -); + uint8_t domain_separator); void -libcrux_kyber_arithmetic_add_to_ring_element___3size_t( - int32_t lhs[256U], - 
int32_t (*rhs)[256U], - int32_t ret[256U] -); +libcrux_kyber_arithmetic_add_to_ring_element___3size_t(int32_t lhs[256U], + int32_t (*rhs)[256U], + int32_t ret[256U]); -void -libcrux_kyber_matrix_compute_As_plus_e___3size_t( +void libcrux_kyber_matrix_compute_As_plus_e___3size_t( int32_t (*matrix_A)[3U][256U], int32_t (*s_as_ntt)[256U], int32_t (*error_as_ntt)[256U], - int32_t ret[3U][256U] -); + int32_t ret[3U][256U]); void libcrux_kyber_ind_cpa_serialize_secret_key___3size_t_1152size_t( int32_t key[3U][256U], - uint8_t ret[1152U] -); + uint8_t ret[1152U]); void libcrux_kyber_ind_cpa_serialize_public_key___3size_t_1152size_t_1184size_t( int32_t t_as_ntt[3U][256U], Eurydice_slice seed_for_a, - uint8_t ret[1184U] -); + uint8_t ret[1184U]); typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s { uint8_t fst[1152U]; uint8_t snd[1184U]; -} -K___uint8_t_1152size_t__uint8_t_1184size_t_; +} K___uint8_t_1152size_t__uint8_t_1184size_t_; typedef struct K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t_s { Eurydice_slice fst; Eurydice_slice snd; -} -K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; +} K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t; K___uint8_t_1152size_t__uint8_t_1184size_t_ libcrux_kyber_ind_cpa_generate_keypair___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -); + Eurydice_slice key_generation_seed); void libcrux_kyber_serialize_kem_secret_key___2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -); + uint8_t ret[2400U]); typedef uint8_t libcrux_kyber_types_KyberPrivateKey___2400size_t[2400U]; void libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__8__from___2400size_t( uint8_t value[2400U], - uint8_t ret[2400U] -); + uint8_t ret[2400U]); typedef uint8_t libcrux_kyber_types_KyberPublicKey___1184size_t[1184U]; 
@@ -679,224 +682,199 @@ typedef struct libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t_s { uint8_t sk[2400U]; uint8_t pk[1184U]; -} -libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t; +} libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t; libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t libcrux_kyber_types__libcrux_kyber__types__KyberKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( uint8_t sk[2400U], - uint8_t pk[1184U] -); + uint8_t pk[1184U]); libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t libcrux_kyber_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -); + uint8_t randomness[64U]); libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t libcrux_kyber_kyber768_generate_key_pair_768(uint8_t randomness[64U]); void -libcrux_kyber_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); +libcrux_kyber_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]); -uint8_t -*libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t( - uint8_t (*self)[1184U] -); +uint8_t* + libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t( + uint8_t (*self)[1184U]); void libcrux_kyber_ind_cpa_deserialize_public_key___3size_t_1152size_t( Eurydice_slice public_key, - int32_t ret[3U][256U] -); + int32_t ret[3U][256U]); void libcrux_kyber_ind_cpa_sample_ring_element_cbd___3size_t_128size_t_2size_t( - uint8_t *prf_input, - uint8_t *domain_separator, - int32_t ret[3U][256U] -); - -void libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(int32_t re[256U], int32_t ret[256U]); + uint8_t* prf_input, + uint8_t* domain_separator, + int32_t ret[3U][256U]); void -libcrux_kyber_matrix_compute_vector_u___3size_t( +libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(int32_t re[256U], + int32_t ret[256U]); + +void libcrux_kyber_matrix_compute_vector_u___3size_t( 
int32_t (*a_as_ntt)[3U][256U], int32_t (*r_as_ntt)[256U], int32_t (*error_1)[256U], - int32_t ret[3U][256U] -); + int32_t ret[3U][256U]); -void -libcrux_kyber_matrix_compute_ring_element_v___3size_t( +void libcrux_kyber_matrix_compute_ring_element_v___3size_t( int32_t (*t_as_ntt)[256U], int32_t (*r_as_ntt)[256U], int32_t (*error_2)[256U], int32_t (*message)[256U], - int32_t ret[256U] -); + int32_t ret[256U]); void libcrux_kyber_serialize_compress_then_serialize_10___320size_t( int32_t re[256U], - uint8_t ret[320U] -); + uint8_t ret[320U]); void libcrux_kyber_serialize_compress_then_serialize_11___320size_t( int32_t re[256U], - uint8_t ret[320U] -); + uint8_t ret[320U]); void libcrux_kyber_serialize_compress_then_serialize_ring_element_u___10size_t_320size_t( int32_t re[256U], - uint8_t ret[320U] -); + uint8_t ret[320U]); void libcrux_kyber_ind_cpa_compress_then_serialize_u___3size_t_960size_t_10size_t_320size_t( int32_t input[3U][256U], - uint8_t ret[960U] -); + uint8_t ret[960U]); void libcrux_kyber_serialize_compress_then_serialize_4___128size_t( int32_t re[256U], - uint8_t ret[128U] -); + uint8_t ret[128U]); void libcrux_kyber_serialize_compress_then_serialize_5___128size_t( int32_t re[256U], - uint8_t ret[128U] -); + uint8_t ret[128U]); void libcrux_kyber_serialize_compress_then_serialize_ring_element_v___4size_t_128size_t( int32_t re[256U], - uint8_t ret[128U] -); + uint8_t ret[128U]); void -libcrux_kyber_ind_cpa_into_padded_array___1088size_t(Eurydice_slice slice, uint8_t ret[1088U]); +libcrux_kyber_ind_cpa_into_padded_array___1088size_t(Eurydice_slice slice, + uint8_t ret[1088U]); void libcrux_kyber_ind_cpa_encrypt___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U] -); + uint8_t ret[1088U]); typedef uint8_t libcrux_kyber_types_KyberCiphertext___1088size_t[1088U]; -typedef struct 
K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t__s +typedef struct + K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t__s { uint8_t fst[1088U]; uint8_t snd[32U]; -} -K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t_; +} K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t_; -typedef struct core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_s +typedef struct + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_s { core_result_Result_____core_num_nonzero_NonZeroUsize_tags tag; - union { + union + { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; - } - val; -} -core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError; + } val; +} core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError; K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t_ -libcrux_kyber_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uint8_t (*public_key)[1184U], - uint8_t randomness[32U] -); + libcrux_kyber_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uint8_t (*public_key)[1184U], + uint8_t randomness[32U]); K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t_ -libcrux_kyber_kyber768_encapsulate_768(uint8_t (*public_key)[1184U], uint8_t randomness[32U]); + libcrux_kyber_kyber768_encapsulate_768(uint8_t (*public_key)[1184U], + uint8_t randomness[32U]); K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t -libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__12__split_at___2400size_t( - uint8_t (*self)[2400U], - size_t mid -); + libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__12__split_at___2400size_t( + uint8_t (*self)[2400U], + size_t mid); void 
libcrux_kyber_serialize_deserialize_then_decompress_ring_element_u___10size_t( Eurydice_slice serialized, - int32_t ret[256U] -); + int32_t ret[256U]); -void libcrux_kyber_ntt_ntt_vector_u___10size_t(int32_t re[256U], int32_t ret[256U]); +void +libcrux_kyber_ntt_ntt_vector_u___10size_t(int32_t re[256U], int32_t ret[256U]); void libcrux_kyber_ind_cpa_deserialize_then_decompress_u___3size_t_1088size_t_960size_t_10size_t( - uint8_t *ciphertext, - int32_t ret[3U][256U] -); + uint8_t* ciphertext, + int32_t ret[3U][256U]); void libcrux_kyber_serialize_deserialize_then_decompress_ring_element_v___4size_t( Eurydice_slice serialized, - int32_t ret[256U] -); + int32_t ret[256U]); void libcrux_kyber_ind_cpa_deserialize_secret_key___3size_t( Eurydice_slice secret_key, - int32_t ret[3U][256U] -); + int32_t ret[3U][256U]); -void -libcrux_kyber_matrix_compute_message___3size_t( +void libcrux_kyber_matrix_compute_message___3size_t( int32_t (*v)[256U], int32_t (*secret_as_ntt)[256U], int32_t (*u_as_ntt)[256U], - int32_t ret[256U] -); + int32_t ret[256U]); void libcrux_kyber_ind_cpa_decrypt___3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -); + uint8_t* ciphertext, + uint8_t ret[32U]); void -libcrux_kyber_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]); +libcrux_kyber_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]); Eurydice_slice -libcrux_kyber_types__libcrux_kyber__types__KyberCiphertext_SIZE__1__as_ref___1088size_t( - uint8_t (*self)[1088U] -); + libcrux_kyber_types__libcrux_kyber__types__KyberCiphertext_SIZE__1__as_ref___1088size_t( + uint8_t (*self)[1088U]); -void libcrux_kyber_hash_functions_PRF___32size_t(Eurydice_slice input, uint8_t ret[32U]); +void +libcrux_kyber_hash_functions_PRF___32size_t(Eurydice_slice input, + uint8_t ret[32U]); uint8_t libcrux_kyber_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( Eurydice_slice 
lhs, - Eurydice_slice rhs -); + Eurydice_slice rhs); void -libcrux_kyber_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - uint8_t (*secret_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -); + libcrux_kyber_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + uint8_t (*secret_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U]); -void -libcrux_kyber_kyber768_decapsulate_768( - uint8_t (*secret_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -); +void libcrux_kyber_kyber768_decapsulate_768(uint8_t (*secret_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U]); extern const size_t libcrux_kyber_KEY_GENERATION_SEED_SIZE; - #define __libcrux_kyber_H_DEFINED #endif diff --git a/libcrux/src/Eurydice.c b/libcrux/src/Eurydice.c index 6843466c..ce09e308 100644 --- a/libcrux/src/Eurydice.c +++ b/libcrux/src/Eurydice.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice ../libcrux_kyber.llbc F* version: d0aa54cf - KaRaMeL version: b329675d + KaRaMeL version: 8e0595bd */ #include "Eurydice.h" diff --git a/libcrux/src/LowStar_Ignore.c b/libcrux/src/LowStar_Ignore.c index bb17557b..9dc60087 100644 --- a/libcrux/src/LowStar_Ignore.c +++ b/libcrux/src/LowStar_Ignore.c @@ -2,7 +2,7 @@ This file was generated by KaRaMeL KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice ../libcrux_kyber.llbc F* version: d0aa54cf - KaRaMeL version: b329675d + KaRaMeL version: 8e0595bd */ #include "LowStar_Ignore.h" diff --git a/libcrux/src/libcrux_kyber.c b/libcrux/src/libcrux_kyber.c index aaa861ce..904b96a3 100644 --- a/libcrux/src/libcrux_kyber.c +++ b/libcrux/src/libcrux_kyber.c 
@@ -1,8 +1,7 @@ -/* +/* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice ../libcrux_kyber.llbc - F* version: d0aa54cf - KaRaMeL version: b329675d + KaRaMeL invocation: /Users/franziskus/repos/eurydice//eurydice + ../libcrux_kyber.llbc F* version: d0aa54cf KaRaMeL version: 8e0595bd */ #include "libcrux_kyber.h" 
@@ -12,96 +11,90 @@ const int32_t libcrux_kyber_constants_FIELD_MODULUS = (int32_t)3329; const size_t libcrux_kyber_constants_BITS_PER_COEFFICIENT = (size_t)12U; -const size_t libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT = (size_t)256U; +const size_t libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT = + (size_t)256U; -const -size_t -libcrux_kyber_constants_BITS_PER_RING_ELEMENT = - libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - * (size_t)12U; +const size_t libcrux_kyber_constants_BITS_PER_RING_ELEMENT = + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * (size_t)12U; -const -size_t -libcrux_kyber_constants_BYTES_PER_RING_ELEMENT = - libcrux_kyber_constants_BITS_PER_RING_ELEMENT - / (size_t)8U; +const size_t libcrux_kyber_constants_BYTES_PER_RING_ELEMENT = + libcrux_kyber_constants_BITS_PER_RING_ELEMENT / (size_t)8U; -const size_t libcrux_kyber_constants_REJECTION_SAMPLING_SEED_SIZE = (size_t)168U * (size_t)5U; +const size_t libcrux_kyber_constants_REJECTION_SAMPLING_SEED_SIZE = + (size_t)168U * (size_t)5U; const size_t libcrux_kyber_constants_SHARED_SECRET_SIZE = (size_t)32U; -const size_t libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE = (size_t)32U; +const size_t libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE = + (size_t)32U; const size_t libcrux_kyber_constants_H_DIGEST_SIZE = (size_t)32U; const uint8_t libcrux_kyber_arithmetic_MONTGOMERY_SHIFT = 16U; -const -int32_t -libcrux_kyber_arithmetic_MONTGOMERY_R = - (int32_t)1 - << (uint32_t)libcrux_kyber_arithmetic_MONTGOMERY_SHIFT; +const int32_t libcrux_kyber_arithmetic_MONTGOMERY_R = + (int32_t)1 << (uint32_t)libcrux_kyber_arithmetic_MONTGOMERY_SHIFT; -uint32_t libcrux_kyber_arithmetic_get_n_least_significant_bits(uint8_t n, uint32_t value) +uint32_t +libcrux_kyber_arithmetic_get_n_least_significant_bits(uint8_t n, uint32_t value) { return value & ((1U << (uint32_t)n) - 1U); } const int64_t libcrux_kyber_arithmetic_BARRETT_SHIFT = (int64_t)26; -const -int64_t 
-libcrux_kyber_arithmetic_BARRETT_R = - (int64_t)1 - << (uint32_t)libcrux_kyber_arithmetic_BARRETT_SHIFT; +const int64_t libcrux_kyber_arithmetic_BARRETT_R = + (int64_t)1 << (uint32_t)libcrux_kyber_arithmetic_BARRETT_SHIFT; const int64_t libcrux_kyber_arithmetic_BARRETT_MULTIPLIER = (int64_t)20159; -int32_t libcrux_kyber_arithmetic_barrett_reduce(int32_t value) +int32_t +libcrux_kyber_arithmetic_barrett_reduce(int32_t value) { - int64_t - t = - core_convert_num__i64_59__from(value) - * libcrux_kyber_arithmetic_BARRETT_MULTIPLIER - + (libcrux_kyber_arithmetic_BARRETT_R >> 1U); - int32_t quotient = (int32_t)(t >> (uint32_t)libcrux_kyber_arithmetic_BARRETT_SHIFT); + int64_t t = core_convert_num__i64_59__from(value) * + libcrux_kyber_arithmetic_BARRETT_MULTIPLIER + + (libcrux_kyber_arithmetic_BARRETT_R >> 1U); + int32_t quotient = + (int32_t)(t >> (uint32_t)libcrux_kyber_arithmetic_BARRETT_SHIFT); return value - quotient * libcrux_kyber_constants_FIELD_MODULUS; } const uint32_t libcrux_kyber_arithmetic_INVERSE_OF_MODULUS_MOD_R = 62209U; -int32_t libcrux_kyber_arithmetic_montgomery_reduce(int32_t value) +int32_t +libcrux_kyber_arithmetic_montgomery_reduce(int32_t value) { - uint32_t - t = - libcrux_kyber_arithmetic_get_n_least_significant_bits(libcrux_kyber_arithmetic_MONTGOMERY_SHIFT, - (uint32_t)value) - * libcrux_kyber_arithmetic_INVERSE_OF_MODULUS_MOD_R; - int16_t - k = - (int16_t)libcrux_kyber_arithmetic_get_n_least_significant_bits(libcrux_kyber_arithmetic_MONTGOMERY_SHIFT, - t); + uint32_t t = libcrux_kyber_arithmetic_get_n_least_significant_bits( + libcrux_kyber_arithmetic_MONTGOMERY_SHIFT, (uint32_t)value) * + libcrux_kyber_arithmetic_INVERSE_OF_MODULUS_MOD_R; + int16_t k = (int16_t)libcrux_kyber_arithmetic_get_n_least_significant_bits( + libcrux_kyber_arithmetic_MONTGOMERY_SHIFT, t); int32_t k_times_modulus = (int32_t)k * libcrux_kyber_constants_FIELD_MODULUS; - int32_t c = k_times_modulus >> (uint32_t)libcrux_kyber_arithmetic_MONTGOMERY_SHIFT; - int32_t 
value_high = value >> (uint32_t)libcrux_kyber_arithmetic_MONTGOMERY_SHIFT; + int32_t c = + k_times_modulus >> (uint32_t)libcrux_kyber_arithmetic_MONTGOMERY_SHIFT; + int32_t value_high = + value >> (uint32_t)libcrux_kyber_arithmetic_MONTGOMERY_SHIFT; return value_high - c; } -int32_t libcrux_kyber_arithmetic_montgomery_multiply_sfe_by_fer(int32_t fe, int32_t fer) +int32_t +libcrux_kyber_arithmetic_montgomery_multiply_sfe_by_fer(int32_t fe, int32_t fer) { return libcrux_kyber_arithmetic_montgomery_reduce(fe * fer); } -const int32_t libcrux_kyber_arithmetic_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS = (int32_t)1353; +const int32_t libcrux_kyber_arithmetic_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS = + (int32_t)1353; -int32_t libcrux_kyber_arithmetic_to_standard_domain(int32_t mfe) +int32_t +libcrux_kyber_arithmetic_to_standard_domain(int32_t mfe) { - return - libcrux_kyber_arithmetic_montgomery_reduce(mfe - * libcrux_kyber_arithmetic_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); + return libcrux_kyber_arithmetic_montgomery_reduce( + mfe * libcrux_kyber_arithmetic_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } -uint16_t libcrux_kyber_arithmetic_to_unsigned_representative(int32_t fe) +uint16_t +libcrux_kyber_arithmetic_to_unsigned_representative(int32_t fe) { return (uint16_t)(fe + (libcrux_kyber_constants_FIELD_MODULUS & fe >> 31U)); } 
@@ -109,17 +102,17 @@ uint16_t libcrux_kyber_arithmetic_to_unsigned_representative(int32_t fe) void libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement_1__clone( int32_t (*self)[256U], - int32_t ret[256U] -) + int32_t ret[256U]) { - memcpy(ret, self[0U], (size_t)256U * sizeof (int32_t)); + memcpy(ret, self[0U], (size_t)256U * sizeof(int32_t)); } -const -int32_t -libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO[256U] = { 0U }; +const int32_t + libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO + [256U] = { 0U }; -uint8_t libcrux_kyber_compress_compress_message_coefficient(uint16_t fe) +uint8_t +libcrux_kyber_compress_compress_message_coefficient(uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; int16_t mask = shifted >> 15U; 
@@ -129,38 +122,47 @@ uint8_t libcrux_kyber_compress_compress_message_coefficient(uint16_t fe) } int32_t -libcrux_kyber_compress_compress_ciphertext_coefficient(uint8_t coefficient_bits, uint16_t fe) +libcrux_kyber_compress_compress_ciphertext_coefficient(uint8_t coefficient_bits, + uint16_t fe) { - uint32_t compressed = (uint32_t)fe << (uint32_t)((uint32_t)coefficient_bits + 1U); + uint32_t compressed = (uint32_t)fe + << (uint32_t)((uint32_t)coefficient_bits + 1U); compressed = compressed + (uint32_t)libcrux_kyber_constants_FIELD_MODULUS; - compressed = compressed / (uint32_t)(libcrux_kyber_constants_FIELD_MODULUS << 1U); - return - (int32_t)libcrux_kyber_arithmetic_get_n_least_significant_bits(coefficient_bits, compressed); + compressed = + compressed / (uint32_t)(libcrux_kyber_constants_FIELD_MODULUS << 1U); + return (int32_t)libcrux_kyber_arithmetic_get_n_least_significant_bits( + coefficient_bits, compressed); } -int32_t libcrux_kyber_compress_decompress_message_coefficient(int32_t fe) +int32_t +libcrux_kyber_compress_decompress_message_coefficient(int32_t fe) { - return -fe & (libcrux_kyber_constants_FIELD_MODULUS + (int32_t)1) / (int32_t)2; + return -fe & + (libcrux_kyber_constants_FIELD_MODULUS + (int32_t)1) / (int32_t)2; } int32_t -libcrux_kyber_compress_decompress_ciphertext_coefficient(uint8_t coefficient_bits, int32_t fe) +libcrux_kyber_compress_decompress_ciphertext_coefficient( + uint8_t coefficient_bits, + int32_t fe) { - uint32_t decompressed = (uint32_t)fe * (uint32_t)libcrux_kyber_constants_FIELD_MODULUS; + uint32_t decompressed = + (uint32_t)fe * (uint32_t)libcrux_kyber_constants_FIELD_MODULUS; decompressed = (decompressed << 1U) + (1U << (uint32_t)coefficient_bits); decompressed = decompressed >> (uint32_t)((uint32_t)coefficient_bits + 1U); return (int32_t)decompressed; } -uint8_t libcrux_kyber_constant_time_ops_is_non_zero(uint8_t value) +uint8_t +libcrux_kyber_constant_time_ops_is_non_zero(uint8_t value) { uint16_t value0 = (uint16_t)value; 
uint16_t uu____0 = value0; - uint16_t - result = - (((uint32_t)uu____0 | (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & 0xFFFFU) - >> 8U - & 1U; + uint16_t result = (((uint32_t)uu____0 | + (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & + 0xFFFFU) >> + 8U & + 1U; return (uint8_t)result; } 
@@ -169,123 +171,103 @@ libcrux_kyber_constant_time_ops_select_shared_secret_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, - uint8_t ret[32U] -) + uint8_t ret[32U]) { - uint8_t - mask = core_num__u8_6__wrapping_sub(libcrux_kyber_constant_time_ops_is_non_zero(selector), 1U); + uint8_t mask = core_num__u8_6__wrapping_sub( + libcrux_kyber_constant_time_ops_is_non_zero(selector), 1U); uint8_t out[32U]; for (size_t i = (size_t)0U; i < (size_t)32U; i++) out[i] = 0U; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_SHARED_SECRET_SIZE - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = libcrux_kyber_constants_SHARED_SECRET_SIZE }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - uint8_t uu____1 = (uint32_t)Eurydice_slice_index(lhs, i, uint8_t) & (uint32_t)mask; - uint8_t *uu____2 = &Eurydice_slice_index(rhs, i, uint8_t); + uint8_t uu____1 = + (uint32_t)Eurydice_slice_index(lhs, i, uint8_t) & (uint32_t)mask; + uint8_t* uu____2 = &Eurydice_slice_index(rhs, i, uint8_t); size_t uu____3 = i; out[uu____3] = - (uint32_t)out[uu____3] - | ((uint32_t)uu____1 | ((uint32_t)uu____2[0U] & (uint32_t)~mask)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + (uint32_t)out[uu____3] | + ((uint32_t)uu____1 | ((uint32_t)uu____2[0U] & (uint32_t)~mask)); } } uint8_t uu____4[32U]; - 
memcpy(uu____4, out, (size_t)32U * sizeof (uint8_t)); - memcpy(ret, uu____4, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____4, out, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, uu____4, (size_t)32U * sizeof(uint8_t)); } -void libcrux_kyber_hash_functions_G(Eurydice_slice input, uint8_t ret[64U]) +void +libcrux_kyber_hash_functions_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t ret0[64U]; libcrux_digest_sha3_512(input, ret0); - memcpy(ret, ret0, (size_t)64U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -void libcrux_kyber_hash_functions_H(Eurydice_slice input, uint8_t ret[32U]) +void +libcrux_kyber_hash_functions_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_digest_sha3_256(input, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } K___uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_3(uint16_t coefficient1, uint16_t coefficient2) +libcrux_kyber_serialize_compress_coefficients_3(uint16_t coefficient1, + uint16_t coefficient2) { uint8_t coef1 = (uint8_t)((uint32_t)coefficient1 & 255U); - uint8_t coef2 = (uint8_t)((uint32_t)coefficient1 >> 8U | ((uint32_t)coefficient2 & 15U) << 4U); + uint8_t coef2 = (uint8_t)((uint32_t)coefficient1 >> 8U | + ((uint32_t)coefficient2 & 15U) << 4U); uint8_t coef3 = (uint8_t)((uint32_t)coefficient2 >> 4U & 255U); - return ((K___uint8_t_uint8_t_uint8_t){ .fst = coef1, .snd = coef2, .thd = coef3 }); + return ( + (K___uint8_t_uint8_t_uint8_t){ .fst = coef1, .snd = coef2, .thd = coef3 }); } void -libcrux_kyber_serialize_serialize_uncompressed_ring_element( - int32_t re[256U], - uint8_t ret[384U] -) +libcrux_kyber_serialize_serialize_uncompressed_ring_element(int32_t re[256U], + uint8_t ret[384U]) { uint8_t serialized[384U]; for (size_t i = (size_t)0U; i < (size_t)384U; i++) serialized[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - 
core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)256U, re, int32_t), - int32_t) - / (size_t)2U; - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)256U, re, int32_t), int32_t) / + (size_t)2U; + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - coefficients = - Eurydice_array_to_subslice((size_t)256U, - re, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)2U, - .end = i * (size_t)2U + (size_t)2U - } - ), - int32_t, - core_ops_range_Range__size_t); - uint16_t - coefficient1 = - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)0U, - int32_t)); - uint16_t - coefficient2 = - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)1U, - int32_t)); - K___uint8_t_uint8_t_uint8_t - uu____1 = libcrux_kyber_serialize_compress_coefficients_3(coefficient1, coefficient2); + Eurydice_slice coefficients = Eurydice_array_to_subslice( + (size_t)256U, + re, + ((core_ops_range_Range__size_t){ .start = i * (size_t)2U, + .end = i * (size_t)2U + (size_t)2U }), + int32_t, + core_ops_range_Range__size_t); + uint16_t coefficient1 = + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)0U, int32_t)); + uint16_t coefficient2 = + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)1U, int32_t)); + 
K___uint8_t_uint8_t_uint8_t uu____1 = + libcrux_kyber_serialize_compress_coefficients_3(coefficient1, + coefficient2); uint8_t coef1 = uu____1.fst; uint8_t coef2 = uu____1.snd; uint8_t coef3 = uu____1.thd; 
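Review bot: The loop in `libcrux_kyber_constant_time_ops_select_shared_secret_in_constant_time` loses its exhaustiveness check here: `else if (uu____0.tag == core_option_Some)` becomes a bare `else`, and the `KRML_HOST_EPRINTF(...)` / `KRML_HOST_EXIT(255U)` fallback is deleted, so any tag other than `core_option_None` is now treated as `Some`. The same `else if` to `else` rewrite starts in `libcrux_kyber_serialize_serialize_uncompressed_ring_element` in this hunk and continues in the following hunk (`@@ -293,380 +275,300 @@`). This is a control-flow change inside a hunk that is otherwise formatter reflow of generated code. It presumably comes from the KaRaMeL bump (`b329675d` to `8e0595bd`) rather than a hand edit. I would confirm that by regenerating, and land the regeneration and the formatting pass as separate commits, so the checked-in C can still be diffed against raw generator output. The branch tests the public loop index from the range iterator, and the `mask` / `(uint32_t)~mask` selection lines are only re-wrapped, so the constant-time selection itself looks unchanged.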
@@ -293,380 +275,300 @@ libcrux_kyber_serialize_serialize_uncompressed_ring_element( serialized[(size_t)3U * i + (size_t)1U] = coef2; serialized[(size_t)3U * i + (size_t)2U] = coef3; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } uint8_t uu____2[384U]; - memcpy(uu____2, serialized, (size_t)384U * sizeof (uint8_t)); - memcpy(ret, uu____2, (size_t)384U * sizeof (uint8_t)); + memcpy(uu____2, serialized, (size_t)384U * sizeof(uint8_t)); + memcpy(ret, uu____2, (size_t)384U * sizeof(uint8_t)); } void libcrux_kyber_serialize_deserialize_to_uncompressed_ring_element( Eurydice_slice serialized, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t re[256U]; - memcpy(re, + memcpy( + re, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)3U - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)3U, - .end = i * (size_t)3U + (size_t)3U - } - ), - uint8_t, - 
core_ops_range_Range__size_t); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){ .start = i * (size_t)3U, + .end = i * (size_t)3U + (size_t)3U }), + uint8_t, + core_ops_range_Range__size_t); int32_t byte1 = (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t); int32_t byte2 = (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t); int32_t byte3 = (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t); re[(size_t)2U * i] = (byte2 & (int32_t)15) << 8U | (byte1 & (int32_t)255); - re[(size_t)2U * i + (size_t)1U] = byte3 << 4U | (byte2 >> 4U & (int32_t)15); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + re[(size_t)2U * i + (size_t)1U] = + byte3 << 4U | (byte2 >> 4U & (int32_t)15); } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } void libcrux_kyber_sampling_sample_from_binomial_distribution_2( Eurydice_slice randomness, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t sampled[256U]; - memcpy(sampled, + memcpy( + sampled, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(randomness, uint8_t) / (size_t)4U - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter0 = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(randomness, uint8_t) / (size_t)4U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + 
core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t chunk_number = uu____0.f0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)4U, - .end = chunk_number * (size_t)4U + (size_t)4U - } - ), - uint8_t, - core_ops_range_Range__size_t); - uint32_t uu____1 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t); - uint32_t - uu____2 = uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t) << 8U; - uint32_t - uu____3 = uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t) << 16U; - uint32_t - random_bits_as_u32 = - uu____3 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t) << 24U; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + + (size_t)4U }), + uint8_t, + core_ops_range_Range__size_t); + uint32_t uu____1 = + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t); + uint32_t uu____2 = + uu____1 | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t) << 8U; + uint32_t uu____3 = + uu____2 | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t) << 16U; + uint32_t random_bits_as_u32 = + uu____3 | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; uint32_t coin_toss_outcomes = even_bits + odd_bits; - core_ops_range_Range__uint32_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__uint32_t){ .start = 0U, .end = core_num__u32_8__BITS / 4U } - ), + core_ops_range_Range__uint32_t iter = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__uint32_t){ + .start = 0U, 
.end = core_num__u32_8__BITS / 4U }), core_ops_range_Range__uint32_t); - while (true) - { - core_option_Option__uint32_t - uu____4 = core_iter_range__core__ops__range__Range_A__3__next(&iter, uint32_t); + while (true) { + core_option_Option__uint32_t uu____4 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, uint32_t); if (uu____4.tag == core_option_None) break; - else if (uu____4.tag == core_option_Some) - { + else { uint32_t outcome_set = uu____4.f0; uint32_t outcome_set0 = outcome_set * 4U; - int32_t outcome_1 = (int32_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int32_t outcome_2 = (int32_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + int32_t outcome_1 = + (int32_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int32_t outcome_2 = + (int32_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); size_t offset = (size_t)(outcome_set0 >> 2U); sampled[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, sampled, (size_t)256U * sizeof (int32_t)); + memcpy(ret, sampled, (size_t)256U * sizeof(int32_t)); } void libcrux_kyber_sampling_sample_from_binomial_distribution_3( Eurydice_slice randomness, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t sampled[256U]; - memcpy(sampled, + memcpy( + sampled, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(randomness, uint8_t) / (size_t)3U - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = 
core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter0 = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(randomness, uint8_t) / (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t chunk_number = uu____0.f0; - Eurydice_slice - byte_chunk = - Eurydice_slice_subslice(randomness, - ( - (core_ops_range_Range__size_t){ - .start = chunk_number * (size_t)3U, - .end = chunk_number * (size_t)3U + (size_t)3U - } - ), - uint8_t, - core_ops_range_Range__size_t); - uint32_t uu____1 = (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t); - uint32_t - uu____2 = uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t) << 8U; - uint32_t - random_bits_as_u24 = - uu____2 - | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t) << 16U; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + ((core_ops_range_Range__size_t){ .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + + (size_t)3U }), + uint8_t, + core_ops_range_Range__size_t); + uint32_t uu____1 = + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t); + uint32_t uu____2 = + uu____1 | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t) << 8U; + uint32_t random_bits_as_u24 = + uu____2 | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - core_ops_range_Range__int32_t - iter = 
- core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__int32_t){ .start = (int32_t)0, .end = (int32_t)24 / (int32_t)6 } - ), + core_ops_range_Range__int32_t iter = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__int32_t){ .start = (int32_t)0, + .end = (int32_t)24 / (int32_t)6 }), core_ops_range_Range__int32_t); - while (true) - { - core_option_Option__int32_t - uu____3 = core_iter_range__core__ops__range__Range_A__3__next(&iter, int32_t); + while (true) { + core_option_Option__int32_t uu____3 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, int32_t); if (uu____3.tag == core_option_None) break; - else if (uu____3.tag == core_option_Some) - { + else { int32_t outcome_set = uu____3.f0; int32_t outcome_set0 = outcome_set * (int32_t)6; - int32_t outcome_1 = (int32_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int32_t - outcome_2 = (int32_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + (int32_t)3) & 7U); + int32_t outcome_1 = + (int32_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int32_t outcome_2 = + (int32_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); size_t offset = (size_t)(outcome_set0 / (int32_t)6); sampled[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, sampled, (size_t)256U * sizeof (int32_t)); + memcpy(ret, sampled, (size_t)256U * sizeof(int32_t)); } -const -int32_t -libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[128U] = - { - (int32_t)-1044, (int32_t)-758, (int32_t)-359, (int32_t)-1517, (int32_t)1493, (int32_t)1422, - (int32_t)287, (int32_t)202, (int32_t)-171, (int32_t)622, (int32_t)1577, (int32_t)182, - (int32_t)962, (int32_t)-1202, (int32_t)-1474, (int32_t)1468, (int32_t)573, (int32_t)-1325, 
- (int32_t)264, (int32_t)383, (int32_t)-829, (int32_t)1458, (int32_t)-1602, (int32_t)-130, - (int32_t)-681, (int32_t)1017, (int32_t)732, (int32_t)608, (int32_t)-1542, (int32_t)411, - (int32_t)-205, (int32_t)-1571, (int32_t)1223, (int32_t)652, (int32_t)-552, (int32_t)1015, - (int32_t)-1293, (int32_t)1491, (int32_t)-282, (int32_t)-1544, (int32_t)516, (int32_t)-8, - (int32_t)-320, (int32_t)-666, (int32_t)-1618, (int32_t)-1162, (int32_t)126, (int32_t)1469, - (int32_t)-853, (int32_t)-90, (int32_t)-271, (int32_t)830, (int32_t)107, (int32_t)-1421, - (int32_t)-247, (int32_t)-951, (int32_t)-398, (int32_t)961, (int32_t)-1508, (int32_t)-725, - (int32_t)448, (int32_t)-1065, (int32_t)677, (int32_t)-1275, (int32_t)-1103, (int32_t)430, - (int32_t)555, (int32_t)843, (int32_t)-1251, (int32_t)871, (int32_t)1550, (int32_t)105, - (int32_t)422, (int32_t)587, (int32_t)177, (int32_t)-235, (int32_t)-291, (int32_t)-460, - (int32_t)1574, (int32_t)1653, (int32_t)-246, (int32_t)778, (int32_t)1159, (int32_t)-147, - (int32_t)-777, (int32_t)1483, (int32_t)-602, (int32_t)1119, (int32_t)-1590, (int32_t)644, - (int32_t)-872, (int32_t)349, (int32_t)418, (int32_t)329, (int32_t)-156, (int32_t)-75, - (int32_t)817, (int32_t)1097, (int32_t)603, (int32_t)610, (int32_t)1322, (int32_t)-1285, - (int32_t)-1465, (int32_t)384, (int32_t)-1215, (int32_t)-136, (int32_t)1218, (int32_t)-1335, - (int32_t)-874, (int32_t)220, (int32_t)-1187, (int32_t)-1659, (int32_t)-1185, (int32_t)-1530, - (int32_t)-1278, (int32_t)794, (int32_t)-1510, (int32_t)-854, (int32_t)-870, (int32_t)478, - (int32_t)-108, (int32_t)-308, (int32_t)996, (int32_t)991, (int32_t)958, (int32_t)-1460, - (int32_t)1522, (int32_t)1628 - }; +const int32_t libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[128U] = { + (int32_t)-1044, (int32_t)-758, (int32_t)-359, (int32_t)-1517, + (int32_t)1493, (int32_t)1422, (int32_t)287, (int32_t)202, + (int32_t)-171, (int32_t)622, (int32_t)1577, (int32_t)182, + (int32_t)962, (int32_t)-1202, (int32_t)-1474, (int32_t)1468, + 
(int32_t)573, (int32_t)-1325, (int32_t)264, (int32_t)383, + (int32_t)-829, (int32_t)1458, (int32_t)-1602, (int32_t)-130, + (int32_t)-681, (int32_t)1017, (int32_t)732, (int32_t)608, + (int32_t)-1542, (int32_t)411, (int32_t)-205, (int32_t)-1571, + (int32_t)1223, (int32_t)652, (int32_t)-552, (int32_t)1015, + (int32_t)-1293, (int32_t)1491, (int32_t)-282, (int32_t)-1544, + (int32_t)516, (int32_t)-8, (int32_t)-320, (int32_t)-666, + (int32_t)-1618, (int32_t)-1162, (int32_t)126, (int32_t)1469, + (int32_t)-853, (int32_t)-90, (int32_t)-271, (int32_t)830, + (int32_t)107, (int32_t)-1421, (int32_t)-247, (int32_t)-951, + (int32_t)-398, (int32_t)961, (int32_t)-1508, (int32_t)-725, + (int32_t)448, (int32_t)-1065, (int32_t)677, (int32_t)-1275, + (int32_t)-1103, (int32_t)430, (int32_t)555, (int32_t)843, + (int32_t)-1251, (int32_t)871, (int32_t)1550, (int32_t)105, + (int32_t)422, (int32_t)587, (int32_t)177, (int32_t)-235, + (int32_t)-291, (int32_t)-460, (int32_t)1574, (int32_t)1653, + (int32_t)-246, (int32_t)778, (int32_t)1159, (int32_t)-147, + (int32_t)-777, (int32_t)1483, (int32_t)-602, (int32_t)1119, + (int32_t)-1590, (int32_t)644, (int32_t)-872, (int32_t)349, + (int32_t)418, (int32_t)329, (int32_t)-156, (int32_t)-75, + (int32_t)817, (int32_t)1097, (int32_t)603, (int32_t)610, + (int32_t)1322, (int32_t)-1285, (int32_t)-1465, (int32_t)384, + (int32_t)-1215, (int32_t)-136, (int32_t)1218, (int32_t)-1335, + (int32_t)-874, (int32_t)220, (int32_t)-1187, (int32_t)-1659, + (int32_t)-1185, (int32_t)-1530, (int32_t)-1278, (int32_t)794, + (int32_t)-1510, (int32_t)-854, (int32_t)-870, (int32_t)478, + (int32_t)-108, (int32_t)-308, (int32_t)996, (int32_t)991, + (int32_t)958, (int32_t)-1460, (int32_t)1522, (int32_t)1628 +}; void -libcrux_kyber_ntt_ntt_at_layer( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - size_t initial_coefficient_bound, - int32_t ret[256U] -) +libcrux_kyber_ntt_ntt_at_layer(size_t* zeta_i, + int32_t re[256U], + size_t layer, + size_t initial_coefficient_bound, + 
int32_t ret[256U]) { size_t step = (size_t)1U << (uint32_t)layer; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)128U / step } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)128U / step }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t round = uu____0.f0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; size_t offset = round * step * (size_t)2U; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = offset, .end = offset + step } - ), + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = offset, + .end = offset + step }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t j = uu____1.f0; - int32_t - t = - libcrux_kyber_arithmetic_montgomery_multiply_sfe_by_fer(re[j + step], - libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + int32_t t = libcrux_kyber_arithmetic_montgomery_multiply_sfe_by_fer( + re[j + step], + libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re[j + step] = re[j] - t; re[j] = re[j] + 
t; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } void -libcrux_kyber_ntt_ntt_at_layer_3( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - int32_t ret[256U] -) +libcrux_kyber_ntt_ntt_at_layer_3(size_t* zeta_i, + int32_t re[256U], + size_t layer, + int32_t ret[256U]) { int32_t ret0[256U]; libcrux_kyber_ntt_ntt_at_layer(zeta_i, re, layer, (size_t)3U, ret0); - memcpy(ret, ret0, (size_t)256U * sizeof (int32_t)); + memcpy(ret, ret0, (size_t)256U * sizeof(int32_t)); } -void libcrux_kyber_ntt_ntt_binomially_sampled_ring_element(int32_t re[256U], int32_t ret[256U]) +void +libcrux_kyber_ntt_ntt_binomially_sampled_ring_element(int32_t re[256U], + int32_t ret[256U]) { size_t zeta_i = (size_t)1U; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)128U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)128U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t j = uu____0.f0; int32_t t = re[j + (size_t)128U] * (int32_t)-1600; re[j + (size_t)128U] = re[j] - t; re[j] = re[j] + t; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - 
KRML_HOST_EXIT(255U); - } } libcrux_kyber_ntt_ntt_at_layer_3(&zeta_i, re, (size_t)6U, re); libcrux_kyber_ntt_ntt_at_layer_3(&zeta_i, re, (size_t)5U, re); 
@@ -674,73 +576,60 @@ void libcrux_kyber_ntt_ntt_binomially_sampled_ring_element(int32_t re[256U], int libcrux_kyber_ntt_ntt_at_layer_3(&zeta_i, re, (size_t)3U, re); libcrux_kyber_ntt_ntt_at_layer_3(&zeta_i, re, (size_t)2U, re); libcrux_kyber_ntt_ntt_at_layer_3(&zeta_i, re, (size_t)1U, re); - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + core_ops_range_Range__size_t iter0 = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t i = uu____1.f0; int32_t uu____2 = libcrux_kyber_arithmetic_barrett_reduce(re[i]); re[i] = uu____2; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } -void libcrux_kyber_sampling_rejection_sampling_panic_with_diagnostic(void) +void +libcrux_kyber_sampling_rejection_sampling_panic_with_diagnostic(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } void libcrux_kyber_sampling_sample_from_uniform_distribution( uint8_t randomness[840U], - int32_t ret[256U] -) + int32_t ret[256U]) { size_t sampled_coefficients = (size_t)0U; int32_t 
out[256U]; - memcpy(out, + memcpy( + out, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); + (size_t)256U * sizeof(int32_t)); bool done = false; - core_slice_iter_Chunks - iter = - core_iter_traits_collect__I__into_iter(core_slice___Slice_T___chunks(Eurydice_array_to_slice((size_t)840U, - randomness, - uint8_t), - (size_t)3U, - uint8_t), - core_slice_iter_Chunks); - while (true) - { - core_option_Option__Eurydice_slice_uint8_t - uu____0 = core_slice_iter__core__slice__iter__Chunks__a__T__70__next(&iter, uint8_t); + core_slice_iter_Chunks iter = core_iter_traits_collect__I__into_iter( + core_slice___Slice_T___chunks( + Eurydice_array_to_slice((size_t)840U, randomness, uint8_t), + (size_t)3U, + uint8_t), + core_slice_iter_Chunks); + while (true) { + core_option_Option__Eurydice_slice_uint8_t uu____0 = + core_slice_iter__core__slice__iter__Chunks__a__T__70__next(&iter, + uint8_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { Eurydice_slice bytes = uu____0.f0; - if (!done) - { + if (!done) { int32_t b1 = (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t); int32_t b2 = (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t); int32_t b3 = (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t); @@ -761,11 +650,10 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( int32_t uu____13; size_t uu____14; size_t uu____15; - if (d1 < libcrux_kyber_constants_FIELD_MODULUS) - { - uu____1 = sampled_coefficients < libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; - if (uu____1) - { + if (d1 < libcrux_kyber_constants_FIELD_MODULUS) { + uu____1 = sampled_coefficients < + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; + if (uu____1) { uu____2 = d1; uu____3 = sampled_coefficients; out[uu____3] = uu____2; 
@@ -773,14 +661,12 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____6 = d2; uu____13 = libcrux_kyber_constants_FIELD_MODULUS; uu____5 = uu____6 < uu____13; - if (uu____5) - { + if (uu____5) { uu____8 = sampled_coefficients; uu____14 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____7 = uu____8 < uu____14; uu____4 = uu____7; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; @@ -790,21 +676,16 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; if (uu____11) done = true; } - } - else - { + } else { uu____4 = false; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; @@ -814,9 +695,7 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; @@ -824,20 +703,16 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( done = true; } } - } - else - { + } else { uu____6 = d2; uu____13 = libcrux_kyber_constants_FIELD_MODULUS; uu____5 = uu____6 < uu____13; - if (uu____5) - { + if (uu____5) { uu____8 = sampled_coefficients; uu____14 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____7 = uu____8 < uu____14; uu____4 = uu____7; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; 
@@ -847,21 +722,16 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; if (uu____11) done = true; } - } - else - { + } else { uu____4 = false; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; @@ -871,9 +741,7 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; @@ -882,12 +750,9 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( } } } - } - else - { + } else { uu____1 = false; - if (uu____1) - { + if (uu____1) { uu____2 = d1; uu____3 = sampled_coefficients; out[uu____3] = uu____2; @@ -895,14 +760,12 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____6 = d2; uu____13 = libcrux_kyber_constants_FIELD_MODULUS; uu____5 = uu____6 < uu____13; - if (uu____5) - { + if (uu____5) { uu____8 = sampled_coefficients; uu____14 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____7 = uu____8 < uu____14; uu____4 = uu____7; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; @@ -912,21 +775,16 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; if (uu____11) done = true; } - } - else - { + } else { uu____4 = false; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; 
@@ -936,9 +794,7 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; @@ -946,20 +802,16 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( done = true; } } - } - else - { + } else { uu____6 = d2; uu____13 = libcrux_kyber_constants_FIELD_MODULUS; uu____5 = uu____6 < uu____13; - if (uu____5) - { + if (uu____5) { uu____8 = sampled_coefficients; uu____14 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____7 = uu____8 < uu____14; uu____4 = uu____7; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; @@ -969,21 +821,16 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; if (uu____11) done = true; } - } - else - { + } else { uu____4 = false; - if (uu____4) - { + if (uu____4) { uu____9 = d2; uu____10 = sampled_coefficients; out[uu____10] = uu____9; @@ -993,9 +840,7 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( uu____11 = uu____12 == uu____15; if (uu____11) done = true; - } - else - { + } else { uu____12 = sampled_coefficients; uu____15 = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT; uu____11 = uu____12 == uu____15; 
@@ -1007,66 +852,51 @@ libcrux_kyber_sampling_sample_from_uniform_distribution( } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } if (!done) libcrux_kyber_sampling_rejection_sampling_panic_with_diagnostic(); - memcpy(ret, out, (size_t)256U * sizeof (int32_t)); + memcpy(ret, out, (size_t)256U * sizeof(int32_t)); } K___int32_t_int32_t -libcrux_kyber_ntt_ntt_multiply_binomials( - K___int32_t_int32_t _, - K___int32_t_int32_t _0, - int32_t zeta -) +libcrux_kyber_ntt_ntt_multiply_binomials(K___int32_t_int32_t _, + K___int32_t_int32_t _0, + int32_t zeta) { int32_t a0 = _.fst; int32_t a1 = _.snd; int32_t b0 = _0.fst; int32_t b1 = _0.snd; int32_t uu____0 = a0 * b0; - int32_t - uu____1 = - libcrux_kyber_arithmetic_montgomery_reduce(uu____0 - + libcrux_kyber_arithmetic_montgomery_reduce(a1 * b1) * zeta); - return - ( - (K___int32_t_int32_t){ - .fst = uu____1, - .snd = libcrux_kyber_arithmetic_montgomery_reduce(a0 * b1 + a1 * b0) - } - ); + int32_t uu____1 = libcrux_kyber_arithmetic_montgomery_reduce( + uu____0 + libcrux_kyber_arithmetic_montgomery_reduce(a1 * b1) * zeta); + return ((K___int32_t_int32_t){ + .fst = uu____1, + .snd = libcrux_kyber_arithmetic_montgomery_reduce(a0 * b1 + a1 * b0) }); } void -libcrux_kyber_ntt_ntt_multiply(int32_t (*lhs)[256U], int32_t (*rhs)[256U], int32_t ret[256U]) +libcrux_kyber_ntt_ntt_multiply(int32_t (*lhs)[256U], + int32_t (*rhs)[256U], + int32_t ret[256U]) { int32_t out[256U]; - memcpy(out, + memcpy( + out, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT / (size_t)4U - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = 
core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT / (size_t)4U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; K___int32_t_int32_t lit0; lit0.fst = lhs[0U][(size_t)4U * i]; @@ -1074,11 +904,10 @@ libcrux_kyber_ntt_ntt_multiply(int32_t (*lhs)[256U], int32_t (*rhs)[256U], int32 K___int32_t_int32_t lit1; lit1.fst = rhs[0U][(size_t)4U * i]; lit1.snd = rhs[0U][(size_t)4U * i + (size_t)1U]; - K___int32_t_int32_t - product = - libcrux_kyber_ntt_ntt_multiply_binomials(lit0, - lit1, - libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + i]); + K___int32_t_int32_t product = libcrux_kyber_ntt_ntt_multiply_binomials( + lit0, + lit1, + libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + i]); out[(size_t)4U * i] = product.fst; out[(size_t)4U * i + (size_t)1U] = product.snd; K___int32_t_int32_t lit2; 
@@ -1087,466 +916,335 @@ libcrux_kyber_ntt_ntt_multiply(int32_t (*lhs)[256U], int32_t (*rhs)[256U], int32 K___int32_t_int32_t lit; lit.fst = rhs[0U][(size_t)4U * i + (size_t)2U]; lit.snd = rhs[0U][(size_t)4U * i + (size_t)3U]; - K___int32_t_int32_t - product0 = - libcrux_kyber_ntt_ntt_multiply_binomials(lit2, - lit, - -libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + i]); + K___int32_t_int32_t product0 = libcrux_kyber_ntt_ntt_multiply_binomials( + lit2, + lit, + -libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + i]); out[(size_t)4U * i + (size_t)2U] = product0.fst; out[(size_t)4U * i + (size_t)3U] = product0.snd; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, out, (size_t)256U * sizeof (int32_t)); + memcpy(ret, out, (size_t)256U * sizeof(int32_t)); } K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_10( - int32_t coefficient1, - int32_t coefficient2, - int32_t coefficient3, - int32_t coefficient4 -) +libcrux_kyber_serialize_compress_coefficients_10(int32_t coefficient1, + int32_t coefficient2, + int32_t coefficient3, + int32_t coefficient4) { uint8_t coef1 = (uint8_t)(coefficient1 & (int32_t)255); - uint8_t - coef2 = - (uint32_t)(uint8_t)(coefficient2 & (int32_t)63) - << 2U - | (uint32_t)(uint8_t)(coefficient1 >> 8U & (int32_t)3); - uint8_t - coef3 = - (uint32_t)(uint8_t)(coefficient3 & (int32_t)15) - << 4U - | (uint32_t)(uint8_t)(coefficient2 >> 6U & (int32_t)15); - uint8_t - coef4 = - (uint32_t)(uint8_t)(coefficient4 & (int32_t)3) - << 6U - | (uint32_t)(uint8_t)(coefficient3 >> 4U & (int32_t)63); + uint8_t coef2 = (uint32_t)(uint8_t)(coefficient2 & (int32_t)63) << 2U | + (uint32_t)(uint8_t)(coefficient1 >> 8U & (int32_t)3); + uint8_t coef3 = (uint32_t)(uint8_t)(coefficient3 & (int32_t)15) << 4U | + (uint32_t)(uint8_t)(coefficient2 >> 6U & (int32_t)15); + uint8_t coef4 = (uint32_t)(uint8_t)(coefficient4 & (int32_t)3) 
<< 6U | + (uint32_t)(uint8_t)(coefficient3 >> 4U & (int32_t)63); uint8_t coef5 = (uint8_t)(coefficient4 >> 2U & (int32_t)255); - return - ( - (K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t){ - .fst = coef1, - .snd = coef2, - .thd = coef3, - .f3 = coef4, - .f4 = coef5 - } - ); + return ((K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t){ + .fst = coef1, .snd = coef2, .thd = coef3, .f3 = coef4, .f4 = coef5 }); } K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_11( - int32_t coefficient1, - int32_t coefficient2, - int32_t coefficient3, - int32_t coefficient4, - int32_t coefficient5, - int32_t coefficient6, - int32_t coefficient7, - int32_t coefficient8 -) +libcrux_kyber_serialize_compress_coefficients_11(int32_t coefficient1, + int32_t coefficient2, + int32_t coefficient3, + int32_t coefficient4, + int32_t coefficient5, + int32_t coefficient6, + int32_t coefficient7, + int32_t coefficient8) { uint8_t coef1 = (uint8_t)coefficient1; - uint8_t - coef2 = - (uint32_t)(uint8_t)(coefficient2 & (int32_t)31) - << 3U - | (uint32_t)(uint8_t)(coefficient1 >> 8U); - uint8_t - coef3 = - (uint32_t)(uint8_t)(coefficient3 & (int32_t)3) - << 6U - | (uint32_t)(uint8_t)(coefficient2 >> 5U); + uint8_t coef2 = (uint32_t)(uint8_t)(coefficient2 & (int32_t)31) << 3U | + (uint32_t)(uint8_t)(coefficient1 >> 8U); + uint8_t coef3 = (uint32_t)(uint8_t)(coefficient3 & (int32_t)3) << 6U | + (uint32_t)(uint8_t)(coefficient2 >> 5U); uint8_t coef4 = (uint8_t)(coefficient3 >> 2U & (int32_t)255); - uint8_t - coef5 = - (uint32_t)(uint8_t)(coefficient4 & (int32_t)127) - << 1U - | (uint32_t)(uint8_t)(coefficient3 >> 10U); - uint8_t - coef6 = - (uint32_t)(uint8_t)(coefficient5 & (int32_t)15) - << 4U - | (uint32_t)(uint8_t)(coefficient4 >> 7U); - uint8_t - coef7 = - (uint32_t)(uint8_t)(coefficient6 & (int32_t)1) - << 7U - | (uint32_t)(uint8_t)(coefficient5 >> 4U); + uint8_t coef5 = (uint32_t)(uint8_t)(coefficient4 & 
(int32_t)127) << 1U | + (uint32_t)(uint8_t)(coefficient3 >> 10U); + uint8_t coef6 = (uint32_t)(uint8_t)(coefficient5 & (int32_t)15) << 4U | + (uint32_t)(uint8_t)(coefficient4 >> 7U); + uint8_t coef7 = (uint32_t)(uint8_t)(coefficient6 & (int32_t)1) << 7U | + (uint32_t)(uint8_t)(coefficient5 >> 4U); uint8_t coef8 = (uint8_t)(coefficient6 >> 1U & (int32_t)255); - uint8_t - coef9 = - (uint32_t)(uint8_t)(coefficient7 & (int32_t)63) - << 2U - | (uint32_t)(uint8_t)(coefficient6 >> 9U); - uint8_t - coef10 = - (uint32_t)(uint8_t)(coefficient8 & (int32_t)7) - << 5U - | (uint32_t)(uint8_t)(coefficient7 >> 6U); + uint8_t coef9 = (uint32_t)(uint8_t)(coefficient7 & (int32_t)63) << 2U | + (uint32_t)(uint8_t)(coefficient6 >> 9U); + uint8_t coef10 = (uint32_t)(uint8_t)(coefficient8 & (int32_t)7) << 5U | + (uint32_t)(uint8_t)(coefficient7 >> 6U); uint8_t coef11 = (uint8_t)(coefficient8 >> 3U); - return - ( - (K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t){ - .fst = coef1, - .snd = coef2, - .thd = coef3, - .f3 = coef4, - .f4 = coef5, - .f5 = coef6, - .f6 = coef7, - .f7 = coef8, - .f8 = coef9, - .f9 = coef10, - .f10 = coef11 - } - ); + return (( + K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t){ + .fst = coef1, + .snd = coef2, + .thd = coef3, + .f3 = coef4, + .f4 = coef5, + .f5 = coef6, + .f6 = coef7, + .f7 = coef8, + .f8 = coef9, + .f9 = coef10, + .f10 = coef11 }); } void -libcrux_kyber_ntt_invert_ntt_at_layer( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - int32_t ret[256U] -) +libcrux_kyber_ntt_invert_ntt_at_layer(size_t* zeta_i, + int32_t re[256U], + size_t layer, + int32_t ret[256U]) { size_t step = (size_t)1U << (uint32_t)layer; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)128U / step } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - 
uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)128U / step }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t round = uu____0.f0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = offset, .end = offset + step } - ), + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = offset, + .end = offset + step }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t j = uu____1.f0; int32_t a_minus_b = re[j + step] - re[j]; re[j] = re[j] + re[j + step]; - int32_t - uu____2 = - libcrux_kyber_arithmetic_montgomery_reduce(a_minus_b - * libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + int32_t uu____2 = libcrux_kyber_arithmetic_montgomery_reduce( + a_minus_b * libcrux_kyber_ntt_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re[j + step] = uu____2; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * 
sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } void libcrux_kyber_serialize_deserialize_then_decompress_message( uint8_t serialized[32U], - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t re[256U]; - memcpy(re, + memcpy( + re, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); + (size_t)256U * sizeof(int32_t)); core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)32U, serialized, uint8_t), - uint8_t); - core_ops_range_Range__size_t - iter0 = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)32U, serialized, uint8_t), uint8_t); + core_ops_range_Range__size_t iter0 = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - uint8_t *byte = &serialized[i]; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U } - ), + uint8_t byte = serialized[i]; + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)8U }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____1.tag == 
core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t j = uu____1.f0; - int32_t coefficient_compressed = (int32_t)((uint32_t)byte[0U] >> (uint32_t)j & 1U); - int32_t - uu____2 = libcrux_kyber_compress_decompress_message_coefficient(coefficient_compressed); + int32_t coefficient_compressed = + (int32_t)((uint32_t)byte >> (uint32_t)j & 1U); + int32_t uu____2 = + libcrux_kyber_compress_decompress_message_coefficient( + coefficient_compressed); re[(size_t)8U * i + j] = uu____2; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t -libcrux_kyber_serialize_compress_coefficients_5( - uint8_t coefficient2, - uint8_t coefficient1, - uint8_t coefficient4, - uint8_t coefficient3, - uint8_t coefficient5, - uint8_t coefficient7, - uint8_t coefficient6, - uint8_t coefficient8 -) +libcrux_kyber_serialize_compress_coefficients_5(uint8_t coefficient2, + uint8_t coefficient1, + uint8_t coefficient4, + uint8_t coefficient3, + uint8_t coefficient5, + uint8_t coefficient7, + uint8_t coefficient6, + uint8_t coefficient8) { uint8_t coef1 = ((uint32_t)coefficient2 & 7U) << 5U | (uint32_t)coefficient1; - uint8_t - coef2 = - (((uint32_t)coefficient4 & 1U) << 7U | (uint32_t)coefficient3 << 2U) - | (uint32_t)coefficient2 >> 3U; - uint8_t coef3 = ((uint32_t)coefficient5 & 15U) << 4U | (uint32_t)coefficient4 >> 1U; - uint8_t - coef4 = - (((uint32_t)coefficient7 & 3U) << 6U | (uint32_t)coefficient6 << 1U) - | (uint32_t)coefficient5 >> 4U; + uint8_t coef2 = + (((uint32_t)coefficient4 & 1U) << 7U | (uint32_t)coefficient3 << 2U) | + (uint32_t)coefficient2 >> 3U; + uint8_t coef3 = + ((uint32_t)coefficient5 & 15U) << 4U | 
(uint32_t)coefficient4 >> 1U; + uint8_t coef4 = + (((uint32_t)coefficient7 & 3U) << 6U | (uint32_t)coefficient6 << 1U) | + (uint32_t)coefficient5 >> 4U; uint8_t coef5 = (uint32_t)coefficient8 << 3U | (uint32_t)coefficient7 >> 2U; - return - ( - (K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t){ - .fst = coef1, - .snd = coef2, - .thd = coef3, - .f3 = coef4, - .f4 = coef5 - } - ); + return ((K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t){ + .fst = coef1, .snd = coef2, .thd = coef3, .f3 = coef4, .f4 = coef5 }); } K___int32_t_int32_t_int32_t_int32_t -libcrux_kyber_serialize_decompress_coefficients_10( - int32_t byte2, - int32_t byte1, - int32_t byte3, - int32_t byte4, - int32_t byte5 -) +libcrux_kyber_serialize_decompress_coefficients_10(int32_t byte2, + int32_t byte1, + int32_t byte3, + int32_t byte4, + int32_t byte5) { int32_t coefficient1 = (byte2 & (int32_t)3) << 8U | (byte1 & (int32_t)255); int32_t coefficient2 = (byte3 & (int32_t)15) << 6U | byte2 >> 2U; int32_t coefficient3 = (byte4 & (int32_t)63) << 4U | byte3 >> 4U; int32_t coefficient4 = byte5 << 2U | byte4 >> 6U; - return - ( - (K___int32_t_int32_t_int32_t_int32_t){ - .fst = coefficient1, - .snd = coefficient2, - .thd = coefficient3, - .f3 = coefficient4 - } - ); + return ((K___int32_t_int32_t_int32_t_int32_t){ .fst = coefficient1, + .snd = coefficient2, + .thd = coefficient3, + .f3 = coefficient4 }); } void libcrux_kyber_serialize_deserialize_then_decompress_10( Eurydice_slice serialized, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t re[256U]; - memcpy(re, + memcpy( + re, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)5U - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = 
core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)5U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)5U, - .end = i * (size_t)5U + (size_t)5U - } - ), - uint8_t, - core_ops_range_Range__size_t); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){ .start = i * (size_t)5U, + .end = i * (size_t)5U + (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t); int32_t byte1 = (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t); int32_t byte2 = (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t); int32_t byte3 = (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t); int32_t byte4 = (int32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t); int32_t byte5 = (int32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t); - K___int32_t_int32_t_int32_t_int32_t - uu____1 = - libcrux_kyber_serialize_decompress_coefficients_10(byte2, - byte1, - byte3, - byte4, - byte5); + K___int32_t_int32_t_int32_t_int32_t uu____1 = + libcrux_kyber_serialize_decompress_coefficients_10( + byte2, byte1, byte3, byte4, byte5); int32_t coefficient1 = uu____1.fst; int32_t coefficient2 = uu____1.snd; int32_t coefficient3 = uu____1.thd; int32_t coefficient4 = uu____1.f3; - int32_t uu____2 = libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, coefficient1); + int32_t uu____2 = + 
libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, + coefficient1); re[(size_t)4U * i] = uu____2; - int32_t uu____3 = libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, coefficient2); + int32_t uu____3 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, + coefficient2); re[(size_t)4U * i + (size_t)1U] = uu____3; - int32_t uu____4 = libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, coefficient3); + int32_t uu____4 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, + coefficient3); re[(size_t)4U * i + (size_t)2U] = uu____4; - int32_t uu____5 = libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, coefficient4); + int32_t uu____5 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(10U, + coefficient4); re[(size_t)4U * i + (size_t)3U] = uu____5; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t -libcrux_kyber_serialize_decompress_coefficients_11( - int32_t byte2, - int32_t byte1, - int32_t byte3, - int32_t byte5, - int32_t byte4, - int32_t byte6, - int32_t byte7, - int32_t byte9, - int32_t byte8, - int32_t byte10, - int32_t byte11 -) +libcrux_kyber_serialize_decompress_coefficients_11(int32_t byte2, + int32_t byte1, + int32_t byte3, + int32_t byte5, + int32_t byte4, + int32_t byte6, + int32_t byte7, + int32_t byte9, + int32_t byte8, + int32_t byte10, + int32_t byte11) { int32_t coefficient1 = (byte2 & (int32_t)7) << 8U | byte1; int32_t coefficient2 = (byte3 & (int32_t)63) << 5U | byte2 >> 3U; - int32_t coefficient3 = ((byte5 & (int32_t)1) << 10U | byte4 << 2U) | byte3 >> 6U; + int32_t coefficient3 = + ((byte5 & (int32_t)1) << 10U | byte4 << 2U) | byte3 >> 6U; int32_t coefficient4 = (byte6 & (int32_t)15) << 7U | byte5 >> 1U; int32_t coefficient5 = 
(byte7 & (int32_t)127) << 4U | byte6 >> 4U; - int32_t coefficient6 = ((byte9 & (int32_t)3) << 9U | byte8 << 1U) | byte7 >> 7U; + int32_t coefficient6 = + ((byte9 & (int32_t)3) << 9U | byte8 << 1U) | byte7 >> 7U; int32_t coefficient7 = (byte10 & (int32_t)31) << 6U | byte9 >> 2U; int32_t coefficient8 = byte11 << 3U | byte10 >> 5U; - return - ( - (K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t){ - .fst = coefficient1, - .snd = coefficient2, - .thd = coefficient3, - .f3 = coefficient4, - .f4 = coefficient5, - .f5 = coefficient6, - .f6 = coefficient7, - .f7 = coefficient8 - } - ); + return ((K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t){ + .fst = coefficient1, + .snd = coefficient2, + .thd = coefficient3, + .f3 = coefficient4, + .f4 = coefficient5, + .f5 = coefficient6, + .f6 = coefficient7, + .f7 = coefficient8 }); } void libcrux_kyber_serialize_deserialize_then_decompress_11( Eurydice_slice serialized, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t re[256U]; - memcpy(re, + memcpy( + re, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)11U - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)11U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - 
else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)11U, - .end = i * (size_t)11U + (size_t)11U - } - ), - uint8_t, - core_ops_range_Range__size_t); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){ + .start = i * (size_t)11U, .end = i * (size_t)11U + (size_t)11U }), + uint8_t, + core_ops_range_Range__size_t); int32_t byte1 = (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t); int32_t byte2 = (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t); int32_t byte3 = (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t); @@ -1556,21 +1254,22 @@ libcrux_kyber_serialize_deserialize_then_decompress_11( int32_t byte7 = (int32_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t); int32_t byte8 = (int32_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t); int32_t byte9 = (int32_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t); - int32_t byte10 = (int32_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t); - int32_t byte11 = (int32_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t); + int32_t byte10 = + (int32_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t); + int32_t byte11 = + (int32_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t); K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t - uu____1 = - libcrux_kyber_serialize_decompress_coefficients_11(byte2, - byte1, - byte3, - byte5, - byte4, - byte6, - byte7, - byte9, - byte8, - byte10, - byte11); + uu____1 = libcrux_kyber_serialize_decompress_coefficients_11(byte2, + byte1, + byte3, + byte5, + byte4, + byte6, + byte7, + byte9, + byte8, + byte10, + byte11); int32_t coefficient1 = uu____1.fst; int32_t coefficient2 = uu____1.snd; int32_t coefficient3 = uu____1.thd; 
@@ -1579,106 +1278,108 @@ libcrux_kyber_serialize_deserialize_then_decompress_11( int32_t coefficient6 = uu____1.f5; int32_t coefficient7 = uu____1.f6; int32_t coefficient8 = uu____1.f7; - int32_t uu____2 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient1); + int32_t uu____2 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient1); re[(size_t)8U * i] = uu____2; - int32_t uu____3 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient2); + int32_t uu____3 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient2); re[(size_t)8U * i + (size_t)1U] = uu____3; - int32_t uu____4 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient3); + int32_t uu____4 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient3); re[(size_t)8U * i + (size_t)2U] = uu____4; - int32_t uu____5 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient4); + int32_t uu____5 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient4); re[(size_t)8U * i + (size_t)3U] = uu____5; - int32_t uu____6 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient5); + int32_t uu____6 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient5); re[(size_t)8U * i + (size_t)4U] = uu____6; - int32_t uu____7 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient6); + int32_t uu____7 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient6); re[(size_t)8U * i + (size_t)5U] = uu____7; - int32_t uu____8 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient7); + int32_t uu____8 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient7); re[(size_t)8U * i + (size_t)6U] = uu____8; - int32_t uu____9 = libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, coefficient8); + int32_t uu____9 = + 
libcrux_kyber_compress_decompress_ciphertext_coefficient(11U, + coefficient8); re[(size_t)8U * i + (size_t)7U] = uu____9; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } void -libcrux_kyber_ntt_ntt_at_layer_3328( - size_t *zeta_i, - int32_t re[256U], - size_t layer, - int32_t ret[256U] -) +libcrux_kyber_ntt_ntt_at_layer_3328(size_t* zeta_i, + int32_t re[256U], + size_t layer, + int32_t ret[256U]) { int32_t ret0[256U]; libcrux_kyber_ntt_ntt_at_layer(zeta_i, re, layer, (size_t)3328U, ret0); - memcpy(ret, ret0, (size_t)256U * sizeof (int32_t)); + memcpy(ret, ret0, (size_t)256U * sizeof(int32_t)); } -K___int32_t_int32_t libcrux_kyber_serialize_decompress_coefficients_4(uint8_t *byte) +K___int32_t_int32_t +libcrux_kyber_serialize_decompress_coefficients_4(uint8_t* byte) { int32_t coefficient1 = (int32_t)Eurydice_bitand_pv_u8(byte, 15U); - int32_t coefficient2 = (int32_t)((uint32_t)Eurydice_shr_pv_u8(byte, (int32_t)4) & 15U); + int32_t coefficient2 = + (int32_t)((uint32_t)Eurydice_shr_pv_u8(byte, (int32_t)4) & 15U); return ((K___int32_t_int32_t){ .fst = coefficient1, .snd = coefficient2 }); } void -libcrux_kyber_serialize_deserialize_then_decompress_4( - Eurydice_slice serialized, - int32_t ret[256U] -) +libcrux_kyber_serialize_deserialize_then_decompress_4(Eurydice_slice serialized, + int32_t ret[256U]) { int32_t re[256U]; - memcpy(re, + memcpy( + re, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(serialized, uint8_t) - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = 
core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(serialized, uint8_t) }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - uint8_t *byte = &Eurydice_slice_index(serialized, i, uint8_t); - K___int32_t_int32_t uu____1 = libcrux_kyber_serialize_decompress_coefficients_4(byte); + uint8_t* byte = &Eurydice_slice_index(serialized, i, uint8_t); + K___int32_t_int32_t uu____1 = + libcrux_kyber_serialize_decompress_coefficients_4(byte); int32_t coefficient1 = uu____1.fst; int32_t coefficient2 = uu____1.snd; - int32_t uu____2 = libcrux_kyber_compress_decompress_ciphertext_coefficient(4U, coefficient1); + int32_t uu____2 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(4U, + coefficient1); re[(size_t)2U * i] = uu____2; - int32_t uu____3 = libcrux_kyber_compress_decompress_ciphertext_coefficient(4U, coefficient2); + int32_t uu____3 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(4U, + coefficient2); re[(size_t)2U * i + (size_t)1U] = uu____3; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t -libcrux_kyber_serialize_decompress_coefficients_5( - int32_t byte1, - int32_t byte2, - int32_t byte3, - int32_t byte4, - int32_t byte5 -) +libcrux_kyber_serialize_decompress_coefficients_5(int32_t byte1, + int32_t byte2, + int32_t byte3, + int32_t byte4, + int32_t 
byte5) { int32_t coefficient1 = byte1 & (int32_t)31; int32_t coefficient2 = (byte2 & (int32_t)3) << 3U | byte1 >> 5U; 
@@ -1688,67 +1389,52 @@ libcrux_kyber_serialize_decompress_coefficients_5( int32_t coefficient6 = byte4 >> 1U & (int32_t)31; int32_t coefficient7 = (byte5 & (int32_t)7) << 2U | byte4 >> 6U; int32_t coefficient8 = byte5 >> 3U; - return - ( - (K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t){ - .fst = coefficient1, - .snd = coefficient2, - .thd = coefficient3, - .f3 = coefficient4, - .f4 = coefficient5, - .f5 = coefficient6, - .f6 = coefficient7, - .f7 = coefficient8 - } - ); + return ((K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t){ + .fst = coefficient1, + .snd = coefficient2, + .thd = coefficient3, + .f3 = coefficient4, + .f4 = coefficient5, + .f5 = coefficient6, + .f6 = coefficient7, + .f7 = coefficient8 }); } void -libcrux_kyber_serialize_deserialize_then_decompress_5( - Eurydice_slice serialized, - int32_t ret[256U] -) +libcrux_kyber_serialize_deserialize_then_decompress_5(Eurydice_slice serialized, + int32_t ret[256U]) { int32_t re[256U]; - memcpy(re, + memcpy( + re, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)5U - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(serialized, uint8_t) / (size_t)5U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag 
== core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - bytes = - Eurydice_slice_subslice(serialized, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)5U, - .end = i * (size_t)5U + (size_t)5U - } - ), - uint8_t, - core_ops_range_Range__size_t); + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + ((core_ops_range_Range__size_t){ .start = i * (size_t)5U, + .end = i * (size_t)5U + (size_t)5U }), + uint8_t, + core_ops_range_Range__size_t); int32_t byte1 = (int32_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t); int32_t byte2 = (int32_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t); int32_t byte3 = (int32_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t); int32_t byte4 = (int32_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t); int32_t byte5 = (int32_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t); K___int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t_int32_t - uu____1 = libcrux_kyber_serialize_decompress_coefficients_5(byte1, byte2, byte3, byte4, byte5); + uu____1 = libcrux_kyber_serialize_decompress_coefficients_5( + byte1, byte2, byte3, byte4, byte5); int32_t coefficient1 = uu____1.fst; int32_t coefficient2 = uu____1.snd; int32_t coefficient3 = uu____1.thd; 
@@ -1757,208 +1443,168 @@ libcrux_kyber_serialize_deserialize_then_decompress_5( int32_t coefficient6 = uu____1.f5; int32_t coefficient7 = uu____1.f6; int32_t coefficient8 = uu____1.f7; - int32_t uu____2 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient1); + int32_t uu____2 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient1); re[(size_t)8U * i] = uu____2; - int32_t uu____3 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient2); + int32_t uu____3 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient2); re[(size_t)8U * i + (size_t)1U] = uu____3; - int32_t uu____4 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient3); + int32_t uu____4 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient3); re[(size_t)8U * i + (size_t)2U] = uu____4; - int32_t uu____5 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient4); + int32_t uu____5 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient4); re[(size_t)8U * i + (size_t)3U] = uu____5; - int32_t uu____6 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient5); + int32_t uu____6 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient5); re[(size_t)8U * i + (size_t)4U] = uu____6; - int32_t uu____7 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient6); + int32_t uu____7 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient6); re[(size_t)8U * i + (size_t)5U] = uu____7; - int32_t uu____8 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient7); + int32_t uu____8 = + libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient7); re[(size_t)8U * i + (size_t)6U] = uu____8; - int32_t uu____9 = libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, coefficient8); + int32_t uu____9 = + 
libcrux_kyber_compress_decompress_ciphertext_coefficient(5U, + coefficient8); re[(size_t)8U * i + (size_t)7U] = uu____9; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } void -libcrux_kyber_serialize_compress_then_serialize_message(int32_t re[256U], uint8_t ret[32U]) +libcrux_kyber_serialize_compress_then_serialize_message(int32_t re[256U], + uint8_t ret[32U]) { uint8_t serialized[32U]; for (size_t i = (size_t)0U; i < (size_t)32U; i++) serialized[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)256U, re, int32_t), - int32_t) - / (size_t)8U; - core_ops_range_Range__size_t - iter0 = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)256U, re, int32_t), int32_t) / + (size_t)8U; + core_ops_range_Range__size_t iter0 = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - coefficients = - Eurydice_array_to_subslice((size_t)256U, - re, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)8U, - .end = i * (size_t)8U + (size_t)8U - } - ), - int32_t, - core_ops_range_Range__size_t); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(coefficients, int32_t) - } - ), + 
Eurydice_slice coefficients = Eurydice_array_to_subslice( + (size_t)256U, + re, + ((core_ops_range_Range__size_t){ .start = i * (size_t)8U, + .end = i * (size_t)8U + (size_t)8U }), + int32_t, + core_ops_range_Range__size_t); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(coefficients, int32_t) }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t j = uu____1.f0; - int32_t *coefficient = &Eurydice_slice_index(coefficients, j, int32_t); - uint16_t - coefficient0 = libcrux_kyber_arithmetic_to_unsigned_representative(coefficient[0U]); - uint8_t - coefficient_compressed = libcrux_kyber_compress_compress_message_coefficient(coefficient0); + int32_t* coefficient = + &Eurydice_slice_index(coefficients, j, int32_t); + uint16_t coefficient0 = + libcrux_kyber_arithmetic_to_unsigned_representative( + coefficient[0U]); + uint8_t coefficient_compressed = + libcrux_kyber_compress_compress_message_coefficient(coefficient0); size_t uu____2 = i; - serialized[uu____2] = - (uint32_t)serialized[uu____2] - | (uint32_t)coefficient_compressed << (uint32_t)j; - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + serialized[uu____2] = (uint32_t)serialized[uu____2] | + (uint32_t)coefficient_compressed << (uint32_t)j; } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } uint8_t uu____3[32U]; - memcpy(uu____3, serialized, (size_t)32U * sizeof (uint8_t)); - memcpy(ret, uu____3, (size_t)32U 
* sizeof (uint8_t)); + memcpy(uu____3, serialized, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, uu____3, (size_t)32U * sizeof(uint8_t)); } const size_t libcrux_kyber_kyber768_RANK_768 = (size_t)3U; -const -size_t -libcrux_kyber_kyber768_RANKED_BYTES_PER_RING_ELEMENT_768 = - libcrux_kyber_kyber768_RANK_768 - * libcrux_kyber_constants_BITS_PER_RING_ELEMENT - / (size_t)8U; - -const -size_t -libcrux_kyber_kyber768_T_AS_NTT_ENCODED_SIZE_768 = - libcrux_kyber_kyber768_RANK_768 - * libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - * libcrux_kyber_constants_BITS_PER_COEFFICIENT - / (size_t)8U; - -const size_t libcrux_kyber_kyber768_VECTOR_U_COMPRESSION_FACTOR_768 = (size_t)10U; - -const -size_t -libcrux_kyber_kyber768_C1_BLOCK_SIZE_768 = - libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - * libcrux_kyber_kyber768_VECTOR_U_COMPRESSION_FACTOR_768 - / (size_t)8U; - -const -size_t -libcrux_kyber_kyber768_C1_SIZE_768 = - libcrux_kyber_kyber768_C1_BLOCK_SIZE_768 - * libcrux_kyber_kyber768_RANK_768; - -const size_t libcrux_kyber_kyber768_VECTOR_V_COMPRESSION_FACTOR_768 = (size_t)4U; - -const -size_t -libcrux_kyber_kyber768_C2_SIZE_768 = - libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - * libcrux_kyber_kyber768_VECTOR_V_COMPRESSION_FACTOR_768 - / (size_t)8U; - -const -size_t -libcrux_kyber_kyber768_CPA_PKE_SECRET_KEY_SIZE_768 = - libcrux_kyber_kyber768_RANK_768 - * libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - * libcrux_kyber_constants_BITS_PER_COEFFICIENT - / (size_t)8U; - -const -size_t -libcrux_kyber_kyber768_CPA_PKE_PUBLIC_KEY_SIZE_768 = - libcrux_kyber_kyber768_T_AS_NTT_ENCODED_SIZE_768 - + (size_t)32U; - -const -size_t -libcrux_kyber_kyber768_CPA_PKE_CIPHERTEXT_SIZE_768 = - libcrux_kyber_kyber768_C1_SIZE_768 - + libcrux_kyber_kyber768_C2_SIZE_768; - -const -size_t -libcrux_kyber_kyber768_SECRET_KEY_SIZE_768 = - libcrux_kyber_kyber768_CPA_PKE_SECRET_KEY_SIZE_768 - + libcrux_kyber_kyber768_CPA_PKE_PUBLIC_KEY_SIZE_768 - + 
libcrux_kyber_constants_H_DIGEST_SIZE - + libcrux_kyber_constants_SHARED_SECRET_SIZE; +const size_t libcrux_kyber_kyber768_RANKED_BYTES_PER_RING_ELEMENT_768 = + libcrux_kyber_kyber768_RANK_768 * + libcrux_kyber_constants_BITS_PER_RING_ELEMENT / (size_t)8U; -const size_t libcrux_kyber_kyber768_ETA1 = (size_t)2U; +const size_t libcrux_kyber_kyber768_T_AS_NTT_ENCODED_SIZE_768 = + libcrux_kyber_kyber768_RANK_768 * + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + libcrux_kyber_constants_BITS_PER_COEFFICIENT / (size_t)8U; -const -size_t -libcrux_kyber_kyber768_ETA1_RANDOMNESS_SIZE = libcrux_kyber_kyber768_ETA1 * (size_t)64U; +const size_t libcrux_kyber_kyber768_VECTOR_U_COMPRESSION_FACTOR_768 = + (size_t)10U; -const size_t libcrux_kyber_kyber768_ETA2 = (size_t)2U; +const size_t libcrux_kyber_kyber768_C1_BLOCK_SIZE_768 = + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + libcrux_kyber_kyber768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U; + +const size_t libcrux_kyber_kyber768_C1_SIZE_768 = + libcrux_kyber_kyber768_C1_BLOCK_SIZE_768 * libcrux_kyber_kyber768_RANK_768; + +const size_t libcrux_kyber_kyber768_VECTOR_V_COMPRESSION_FACTOR_768 = + (size_t)4U; + +const size_t libcrux_kyber_kyber768_C2_SIZE_768 = + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + libcrux_kyber_kyber768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U; + +const size_t libcrux_kyber_kyber768_CPA_PKE_SECRET_KEY_SIZE_768 = + libcrux_kyber_kyber768_RANK_768 * + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + libcrux_kyber_constants_BITS_PER_COEFFICIENT / (size_t)8U; + +const size_t libcrux_kyber_kyber768_CPA_PKE_PUBLIC_KEY_SIZE_768 = + libcrux_kyber_kyber768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U; + +const size_t libcrux_kyber_kyber768_CPA_PKE_CIPHERTEXT_SIZE_768 = + libcrux_kyber_kyber768_C1_SIZE_768 + libcrux_kyber_kyber768_C2_SIZE_768; + +const size_t libcrux_kyber_kyber768_SECRET_KEY_SIZE_768 = + libcrux_kyber_kyber768_CPA_PKE_SECRET_KEY_SIZE_768 + + 
libcrux_kyber_kyber768_CPA_PKE_PUBLIC_KEY_SIZE_768 + + libcrux_kyber_constants_H_DIGEST_SIZE + + libcrux_kyber_constants_SHARED_SECRET_SIZE; + +const size_t libcrux_kyber_kyber768_ETA1 = (size_t)2U; -const -size_t -libcrux_kyber_kyber768_ETA2_RANDOMNESS_SIZE = libcrux_kyber_kyber768_ETA2 * (size_t)64U; +const size_t libcrux_kyber_kyber768_ETA1_RANDOMNESS_SIZE = + libcrux_kyber_kyber768_ETA1 * (size_t)64U; -const -size_t -libcrux_kyber_kyber768_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - libcrux_kyber_constants_SHARED_SECRET_SIZE - + libcrux_kyber_kyber768_CPA_PKE_CIPHERTEXT_SIZE_768; +const size_t libcrux_kyber_kyber768_ETA2 = (size_t)2U; +const size_t libcrux_kyber_kyber768_ETA2_RANDOMNESS_SIZE = + libcrux_kyber_kyber768_ETA2 * (size_t)64U; +const size_t libcrux_kyber_kyber768_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + libcrux_kyber_constants_SHARED_SECRET_SIZE + + libcrux_kyber_kyber768_CPA_PKE_CIPHERTEXT_SIZE_768; void -libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], uint8_t ret[3U][840U]) +libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], + uint8_t ret[3U][840U]) { uint8_t out[3U][840U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { out[i][0U] = 0U; out[i][1U] = 0U; out[i][2U] = 0U; 
@@ -2805,56 +2451,46 @@ libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], uint8_t ret uu____0 = true; else uu____0 = !false; - if (uu____0) - { - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + if (uu____0) { + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t i = uu____1.f0; uint8_t uu____2[840U]; - libcrux_digest_shake128((size_t)840U, + libcrux_digest_shake128( + (size_t)840U, Eurydice_array_to_slice((size_t)34U, input[i], uint8_t), uu____2); - memcpy(out[i], uu____2, (size_t)840U * sizeof (uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + memcpy(out[i], uu____2, (size_t)840U * sizeof(uint8_t)); } } - } - else - { + } else { uint8_t d00[840U]; uint8_t d10[840U]; - __uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t_ uu____3; + __uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t_ + uu____3; Eurydice_slice uu____4; - uint8_t *uu____5; - uint8_t *uu____6; + uint8_t* uu____5; + uint8_t* uu____6; size_t uu____7; Eurydice_slice uu____8; - uint8_t *uu____9; - uint8_t *uu____10; + uint8_t* uu____9; + uint8_t* uu____10; size_t uu____11; Eurydice_slice uu____12; - uint8_t *uu____13; - uint8_t *uu____14; + uint8_t* uu____13; + uint8_t* uu____14; size_t uu____15; Eurydice_slice 
uu____16; - uint8_t *uu____17; - uint8_t *uu____18; + uint8_t* uu____17; + uint8_t* uu____18; size_t uu____19; uint8_t uu____20[840U]; size_t uu____21; @@ -2863,22 +2499,23 @@ libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], uint8_t ret uint8_t d01[840U]; uint8_t d11[840U]; uint8_t d20[840U]; - __uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t_ uu____24; + __uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t_ + uu____24; Eurydice_slice uu____25; - uint8_t *uu____26; - uint8_t *uu____27; + uint8_t* uu____26; + uint8_t* uu____27; size_t uu____28; Eurydice_slice uu____29; - uint8_t *uu____30; - uint8_t *uu____31; + uint8_t* uu____30; + uint8_t* uu____31; size_t uu____32; Eurydice_slice uu____33; - uint8_t *uu____34; - uint8_t *uu____35; + uint8_t* uu____34; + uint8_t* uu____35; size_t uu____36; Eurydice_slice uu____37; - uint8_t *uu____38; - uint8_t *uu____39; + uint8_t* uu____38; + uint8_t* uu____39; size_t uu____40; uint8_t uu____41[840U]; size_t uu____42; @@ -2890,22 +2527,23 @@ libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], uint8_t ret uint8_t d1[840U]; uint8_t d2[840U]; uint8_t d3[840U]; - __uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t_ uu____47; + __uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t__uint8_t_840size_t_ + uu____47; Eurydice_slice uu____48; - uint8_t *uu____49; - uint8_t *uu____50; + uint8_t* uu____49; + uint8_t* uu____50; size_t uu____51; Eurydice_slice uu____52; - uint8_t *uu____53; - uint8_t *uu____54; + uint8_t* uu____53; + uint8_t* uu____54; size_t uu____55; Eurydice_slice uu____56; - uint8_t *uu____57; - uint8_t *uu____58; + uint8_t* uu____57; + uint8_t* uu____58; size_t uu____59; Eurydice_slice uu____60; - uint8_t *uu____61; - uint8_t *uu____62; + uint8_t* uu____61; + uint8_t* uu____62; size_t uu____63; uint8_t uu____64[840U]; size_t uu____65; 
@@ -2915,706 +2553,615 @@ libcrux_kyber_hash_functions_XOFx4___3size_t(uint8_t input[3U][34U], uint8_t ret size_t uu____69; uint8_t uu____70[840U]; size_t uu____71; - uint8_t (*uu____72)[840U]; - uint8_t *uu____73; - uint8_t (*uu____74)[840U]; - uint8_t *uu____75; - uint8_t (*uu____76)[34U]; - uint8_t *uu____77; - uint8_t (*uu____78)[34U]; - uint8_t *uu____79; - uint8_t (*uu____80)[34U]; - uint8_t *uu____81; - uint8_t (*uu____82)[34U]; - uint8_t *uu____83; - uint8_t (*uu____84)[840U]; - uint8_t *uu____85; - uint8_t (*uu____86)[840U]; - uint8_t *uu____87; - uint8_t (*uu____88)[840U]; - uint8_t *uu____89; - uint8_t (*uu____90)[34U]; - uint8_t *uu____91; - uint8_t (*uu____92)[34U]; - uint8_t *uu____93; - uint8_t (*uu____94)[34U]; - uint8_t *uu____95; - uint8_t (*uu____96)[34U]; - uint8_t *uu____97; - uint8_t (*uu____98)[840U]; - uint8_t *uu____99; - uint8_t (*uu____100)[840U]; - uint8_t *uu____101; - uint8_t (*uu____102)[840U]; - uint8_t *uu____103; - uint8_t (*uu____104)[840U]; - uint8_t *uu____105; - uint8_t (*uu____106)[34U]; - uint8_t *uu____107; - uint8_t (*uu____108)[34U]; - uint8_t *uu____109; - uint8_t (*uu____110)[34U]; - uint8_t *uu____111; - uint8_t (*uu____112)[34U]; - uint8_t *uu____113; - switch ((uint8_t)(size_t)3U) - { - case 2U: - { - uu____7 = (size_t)0U; - uu____82 = input; - uu____83 = uu____82[uu____7]; - uu____6 = uu____83; - uu____5 = uu____6; - uu____4 = Eurydice_array_to_slice((size_t)34U, uu____5, uint8_t); - uu____11 = (size_t)1U; - uu____80 = input; - uu____81 = uu____80[uu____11]; - uu____10 = uu____81; - uu____9 = uu____10; - uu____8 = Eurydice_array_to_slice((size_t)34U, uu____9, uint8_t); - uu____15 = (size_t)0U; - uu____78 = input; - uu____79 = uu____78[uu____15]; - uu____14 = uu____79; - uu____13 = uu____14; - uu____12 = Eurydice_array_to_slice((size_t)34U, uu____13, uint8_t); - uu____19 = (size_t)1U; - uu____76 = input; - uu____77 = uu____76[uu____19]; - uu____18 = uu____77; - uu____17 = uu____18; - uu____16 = 
Eurydice_array_to_slice((size_t)34U, uu____17, uint8_t); - uu____3 = libcrux_digest_shake128x4((size_t)840U, uu____4, uu____8, uu____12, uu____16); - memcpy(d00, uu____3.fst, (size_t)840U * sizeof (uint8_t)); - memcpy(d10, uu____3.snd, (size_t)840U * sizeof (uint8_t)); - memcpy(uu____20, d00, (size_t)840U * sizeof (uint8_t)); - uu____21 = (size_t)0U; - uu____74 = out; - uu____75 = uu____74[uu____21]; - uu____75 = uu____20; - memcpy(uu____22, d10, (size_t)840U * sizeof (uint8_t)); - uu____23 = (size_t)1U; - uu____72 = out; - uu____73 = uu____72[uu____23]; - uu____73 = uu____22; - break; - } - case 3U: - { - uu____28 = (size_t)0U; - uu____96 = input; - uu____97 = uu____96[uu____28]; - uu____27 = uu____97; - uu____26 = uu____27; - uu____25 = Eurydice_array_to_slice((size_t)34U, uu____26, uint8_t); - uu____32 = (size_t)1U; - uu____94 = input; - uu____95 = uu____94[uu____32]; - uu____31 = uu____95; - uu____30 = uu____31; - uu____29 = Eurydice_array_to_slice((size_t)34U, uu____30, uint8_t); - uu____36 = (size_t)2U; - uu____92 = input; - uu____93 = uu____92[uu____36]; - uu____35 = uu____93; - uu____34 = uu____35; - uu____33 = Eurydice_array_to_slice((size_t)34U, uu____34, uint8_t); - uu____40 = (size_t)0U; - uu____90 = input; - uu____91 = uu____90[uu____40]; - uu____39 = uu____91; - uu____38 = uu____39; - uu____37 = Eurydice_array_to_slice((size_t)34U, uu____38, uint8_t); - uu____24 = libcrux_digest_shake128x4((size_t)840U, uu____25, uu____29, uu____33, uu____37); - memcpy(d01, uu____24.fst, (size_t)840U * sizeof (uint8_t)); - memcpy(d11, uu____24.snd, (size_t)840U * sizeof (uint8_t)); - memcpy(d20, uu____24.thd, (size_t)840U * sizeof (uint8_t)); - memcpy(uu____41, d01, (size_t)840U * sizeof (uint8_t)); - uu____42 = (size_t)0U; - uu____88 = out; - uu____89 = uu____88[uu____42]; - uu____89 = uu____41; - memcpy(uu____43, d11, (size_t)840U * sizeof (uint8_t)); - uu____44 = (size_t)1U; - uu____86 = out; - uu____87 = uu____86[uu____44]; - uu____87 = uu____43; - 
memcpy(uu____45, d20, (size_t)840U * sizeof (uint8_t)); - uu____46 = (size_t)2U; - uu____84 = out; - uu____85 = uu____84[uu____46]; - uu____85 = uu____45; - break; - } - case 4U: - { - uu____51 = (size_t)0U; - uu____112 = input; - uu____113 = uu____112[uu____51]; - uu____50 = uu____113; - uu____49 = uu____50; - uu____48 = Eurydice_array_to_slice((size_t)34U, uu____49, uint8_t); - uu____55 = (size_t)1U; - uu____110 = input; - uu____111 = uu____110[uu____55]; - uu____54 = uu____111; - uu____53 = uu____54; - uu____52 = Eurydice_array_to_slice((size_t)34U, uu____53, uint8_t); - uu____59 = (size_t)2U; - uu____108 = input; - uu____109 = uu____108[uu____59]; - uu____58 = uu____109; - uu____57 = uu____58; - uu____56 = Eurydice_array_to_slice((size_t)34U, uu____57, uint8_t); - uu____63 = (size_t)3U; - uu____106 = input; - uu____107 = uu____106[uu____63]; - uu____62 = uu____107; - uu____61 = uu____62; - uu____60 = Eurydice_array_to_slice((size_t)34U, uu____61, uint8_t); - uu____47 = libcrux_digest_shake128x4((size_t)840U, uu____48, uu____52, uu____56, uu____60); - memcpy(d0, uu____47.fst, (size_t)840U * sizeof (uint8_t)); - memcpy(d1, uu____47.snd, (size_t)840U * sizeof (uint8_t)); - memcpy(d2, uu____47.thd, (size_t)840U * sizeof (uint8_t)); - memcpy(d3, uu____47.f3, (size_t)840U * sizeof (uint8_t)); - memcpy(uu____64, d0, (size_t)840U * sizeof (uint8_t)); - uu____65 = (size_t)0U; - uu____104 = out; - uu____105 = uu____104[uu____65]; - uu____105 = uu____64; - memcpy(uu____66, d1, (size_t)840U * sizeof (uint8_t)); - uu____67 = (size_t)1U; - uu____102 = out; - uu____103 = uu____102[uu____67]; - uu____103 = uu____66; - memcpy(uu____68, d2, (size_t)840U * sizeof (uint8_t)); - uu____69 = (size_t)2U; - uu____100 = out; - uu____101 = uu____100[uu____69]; - uu____101 = uu____68; - memcpy(uu____70, d3, (size_t)840U * sizeof (uint8_t)); - uu____71 = (size_t)3U; - uu____98 = out; - uu____99 = uu____98[uu____71]; - uu____99 = uu____70; - break; - } - default: - { - 
KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + uint8_t(*uu____72)[840U]; + uint8_t* uu____73; + uint8_t(*uu____74)[840U]; + uint8_t* uu____75; + uint8_t(*uu____76)[34U]; + uint8_t* uu____77; + uint8_t(*uu____78)[34U]; + uint8_t* uu____79; + uint8_t(*uu____80)[34U]; + uint8_t* uu____81; + uint8_t(*uu____82)[34U]; + uint8_t* uu____83; + uint8_t(*uu____84)[840U]; + uint8_t* uu____85; + uint8_t(*uu____86)[840U]; + uint8_t* uu____87; + uint8_t(*uu____88)[840U]; + uint8_t* uu____89; + uint8_t(*uu____90)[34U]; + uint8_t* uu____91; + uint8_t(*uu____92)[34U]; + uint8_t* uu____93; + uint8_t(*uu____94)[34U]; + uint8_t* uu____95; + uint8_t(*uu____96)[34U]; + uint8_t* uu____97; + uint8_t(*uu____98)[840U]; + uint8_t* uu____99; + uint8_t(*uu____100)[840U]; + uint8_t* uu____101; + uint8_t(*uu____102)[840U]; + uint8_t* uu____103; + uint8_t(*uu____104)[840U]; + uint8_t* uu____105; + uint8_t(*uu____106)[34U]; + uint8_t* uu____107; + uint8_t(*uu____108)[34U]; + uint8_t* uu____109; + uint8_t(*uu____110)[34U]; + uint8_t* uu____111; + uint8_t(*uu____112)[34U]; + uint8_t* uu____113; + switch ((uint8_t)(size_t)3U) { + case 2U: { + uu____7 = (size_t)0U; + uu____82 = input; + uu____83 = uu____82[uu____7]; + uu____6 = uu____83; + uu____5 = uu____6; + uu____4 = Eurydice_array_to_slice((size_t)34U, uu____5, uint8_t); + uu____11 = (size_t)1U; + uu____80 = input; + uu____81 = uu____80[uu____11]; + uu____10 = uu____81; + uu____9 = uu____10; + uu____8 = Eurydice_array_to_slice((size_t)34U, uu____9, uint8_t); + uu____15 = (size_t)0U; + uu____78 = input; + uu____79 = uu____78[uu____15]; + uu____14 = uu____79; + uu____13 = uu____14; + uu____12 = Eurydice_array_to_slice((size_t)34U, uu____13, uint8_t); + uu____19 = (size_t)1U; + uu____76 = input; + uu____77 = uu____76[uu____19]; + uu____18 = uu____77; + uu____17 = uu____18; + uu____16 = Eurydice_array_to_slice((size_t)34U, uu____17, uint8_t); + uu____3 = libcrux_digest_shake128x4( + 
(size_t)840U, uu____4, uu____8, uu____12, uu____16); + memcpy(d00, uu____3.fst, (size_t)840U * sizeof(uint8_t)); + memcpy(d10, uu____3.snd, (size_t)840U * sizeof(uint8_t)); + memcpy(uu____20, d00, (size_t)840U * sizeof(uint8_t)); + uu____21 = (size_t)0U; + uu____74 = out; + uu____75 = uu____74[uu____21]; + uu____75 = uu____20; + memcpy(uu____22, d10, (size_t)840U * sizeof(uint8_t)); + uu____23 = (size_t)1U; + uu____72 = out; + uu____73 = uu____72[uu____23]; + uu____73 = uu____22; + break; + } + case 3U: { + uu____28 = (size_t)0U; + uu____96 = input; + uu____97 = uu____96[uu____28]; + uu____27 = uu____97; + uu____26 = uu____27; + uu____25 = Eurydice_array_to_slice((size_t)34U, uu____26, uint8_t); + uu____32 = (size_t)1U; + uu____94 = input; + uu____95 = uu____94[uu____32]; + uu____31 = uu____95; + uu____30 = uu____31; + uu____29 = Eurydice_array_to_slice((size_t)34U, uu____30, uint8_t); + uu____36 = (size_t)2U; + uu____92 = input; + uu____93 = uu____92[uu____36]; + uu____35 = uu____93; + uu____34 = uu____35; + uu____33 = Eurydice_array_to_slice((size_t)34U, uu____34, uint8_t); + uu____40 = (size_t)0U; + uu____90 = input; + uu____91 = uu____90[uu____40]; + uu____39 = uu____91; + uu____38 = uu____39; + uu____37 = Eurydice_array_to_slice((size_t)34U, uu____38, uint8_t); + uu____24 = libcrux_digest_shake128x4( + (size_t)840U, uu____25, uu____29, uu____33, uu____37); + memcpy(d01, uu____24.fst, (size_t)840U * sizeof(uint8_t)); + memcpy(d11, uu____24.snd, (size_t)840U * sizeof(uint8_t)); + memcpy(d20, uu____24.thd, (size_t)840U * sizeof(uint8_t)); + memcpy(uu____41, d01, (size_t)840U * sizeof(uint8_t)); + uu____42 = (size_t)0U; + uu____88 = out; + uu____89 = uu____88[uu____42]; + uu____89 = uu____41; + memcpy(uu____43, d11, (size_t)840U * sizeof(uint8_t)); + uu____44 = (size_t)1U; + uu____86 = out; + uu____87 = uu____86[uu____44]; + uu____87 = uu____43; + memcpy(uu____45, d20, (size_t)840U * sizeof(uint8_t)); + uu____46 = (size_t)2U; + uu____84 = out; + uu____85 = 
uu____84[uu____46]; + uu____85 = uu____45; + break; + } + case 4U: { + uu____51 = (size_t)0U; + uu____112 = input; + uu____113 = uu____112[uu____51]; + uu____50 = uu____113; + uu____49 = uu____50; + uu____48 = Eurydice_array_to_slice((size_t)34U, uu____49, uint8_t); + uu____55 = (size_t)1U; + uu____110 = input; + uu____111 = uu____110[uu____55]; + uu____54 = uu____111; + uu____53 = uu____54; + uu____52 = Eurydice_array_to_slice((size_t)34U, uu____53, uint8_t); + uu____59 = (size_t)2U; + uu____108 = input; + uu____109 = uu____108[uu____59]; + uu____58 = uu____109; + uu____57 = uu____58; + uu____56 = Eurydice_array_to_slice((size_t)34U, uu____57, uint8_t); + uu____63 = (size_t)3U; + uu____106 = input; + uu____107 = uu____106[uu____63]; + uu____62 = uu____107; + uu____61 = uu____62; + uu____60 = Eurydice_array_to_slice((size_t)34U, uu____61, uint8_t); + uu____47 = libcrux_digest_shake128x4( + (size_t)840U, uu____48, uu____52, uu____56, uu____60); + memcpy(d0, uu____47.fst, (size_t)840U * sizeof(uint8_t)); + memcpy(d1, uu____47.snd, (size_t)840U * sizeof(uint8_t)); + memcpy(d2, uu____47.thd, (size_t)840U * sizeof(uint8_t)); + memcpy(d3, uu____47.f3, (size_t)840U * sizeof(uint8_t)); + memcpy(uu____64, d0, (size_t)840U * sizeof(uint8_t)); + uu____65 = (size_t)0U; + uu____104 = out; + uu____105 = uu____104[uu____65]; + uu____105 = uu____64; + memcpy(uu____66, d1, (size_t)840U * sizeof(uint8_t)); + uu____67 = (size_t)1U; + uu____102 = out; + uu____103 = uu____102[uu____67]; + uu____103 = uu____66; + memcpy(uu____68, d2, (size_t)840U * sizeof(uint8_t)); + uu____69 = (size_t)2U; + uu____100 = out; + uu____101 = uu____100[uu____69]; + uu____101 = uu____68; + memcpy(uu____70, d3, (size_t)840U * sizeof(uint8_t)); + uu____71 = (size_t)3U; + uu____98 = out; + uu____99 = uu____98[uu____71]; + uu____99 = uu____70; + break; + } + default: { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } } } uint8_t 
uu____114[3U][840U]; - memcpy(uu____114, out, (size_t)3U * sizeof (uint8_t [840U])); - memcpy(ret, uu____114, (size_t)3U * sizeof (uint8_t [840U])); + memcpy(uu____114, out, (size_t)3U * sizeof(uint8_t[840U])); + memcpy(ret, uu____114, (size_t)3U * sizeof(uint8_t[840U])); } void -libcrux_kyber_matrix_sample_matrix_A___3size_t( - uint8_t seed[34U], - bool transpose, - int32_t ret[3U][3U][256U] -) +libcrux_kyber_matrix_sample_matrix_A___3size_t(uint8_t seed[34U], + bool transpose, + int32_t ret[3U][3U][256U]) { int32_t A_transpose[3U][3U][256U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) - { - memcpy(A_transpose[i][0U], + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy( + A_transpose[i][0U], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - memcpy(A_transpose[i][1U], + (size_t)256U * sizeof(int32_t)); + memcpy( + A_transpose[i][1U], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - memcpy(A_transpose[i][2U], + (size_t)256U * sizeof(int32_t)); + memcpy( + A_transpose[i][2U], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); + (size_t)256U * sizeof(int32_t)); } - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + core_ops_range_Range__size_t iter0 = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____0.tag == core_option_None) break; - else if 
(uu____0.tag == core_option_Some) - { + else { size_t i0 = uu____0.f0; uint8_t uu____1[34U]; - memcpy(uu____1, seed, (size_t)34U * sizeof (uint8_t)); + memcpy(uu____1, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(seeds[i], uu____1, (size_t)34U * sizeof (uint8_t)); - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), + memcpy(seeds[i], uu____1, (size_t)34U * sizeof(uint8_t)); + core_ops_range_Range__size_t iter0 = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)3U }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____2 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + while (true) { + core_option_Option__size_t uu____2 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____2.tag == core_option_None) break; - else if (uu____2.tag == core_option_Some) - { + else { size_t j = uu____2.f0; seeds[j][32U] = (uint8_t)i0; seeds[j][33U] = (uint8_t)j; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } uint8_t uu____3[3U][34U]; - memcpy(uu____3, seeds, (size_t)3U * sizeof (uint8_t [34U])); + memcpy(uu____3, seeds, (size_t)3U * sizeof(uint8_t[34U])); uint8_t xof_bytes[3U][840U]; libcrux_kyber_hash_functions_XOFx4___3size_t(uu____3, xof_bytes); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)3U }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____4 = 
core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + while (true) { + core_option_Option__size_t uu____4 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____4.tag == core_option_None) break; - else if (uu____4.tag == core_option_Some) - { + else { size_t j = uu____4.f0; uint8_t uu____5[840U]; - memcpy(uu____5, xof_bytes[j], (size_t)840U * sizeof (uint8_t)); + memcpy(uu____5, xof_bytes[j], (size_t)840U * sizeof(uint8_t)); int32_t sampled[256U]; - libcrux_kyber_sampling_sample_from_uniform_distribution(uu____5, sampled); + libcrux_kyber_sampling_sample_from_uniform_distribution(uu____5, + sampled); if (transpose) - memcpy(A_transpose[j][i0], sampled, (size_t)256U * sizeof (int32_t)); + memcpy(A_transpose[j][i0], sampled, (size_t)256U * sizeof(int32_t)); else - memcpy(A_transpose[i0][j], sampled, (size_t)256U * sizeof (int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + memcpy(A_transpose[i0][j], sampled, (size_t)256U * sizeof(int32_t)); } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } int32_t uu____6[3U][3U][256U]; - memcpy(uu____6, A_transpose, (size_t)3U * sizeof (int32_t [3U][256U])); - memcpy(ret, uu____6, (size_t)3U * sizeof (int32_t [3U][256U])); + memcpy(uu____6, A_transpose, (size_t)3U * sizeof(int32_t[3U][256U])); + memcpy(ret, uu____6, (size_t)3U * sizeof(int32_t[3U][256U])); } -void libcrux_kyber_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) +void +libcrux_kyber_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]) { if (false) - if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)34U)) - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); + if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)34U)) { + KRML_HOST_EPRINTF( + "KaRaMeL abort 
at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); KRML_HOST_EXIT(255U); } uint8_t out[34U]; for (size_t i = (size_t)0U; i < (size_t)34U; i++) out[i] = 0U; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)34U, + uint8_t* uu____0 = out; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)34U, uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t) }), uint8_t, core_ops_range_Range__size_t), slice, uint8_t); uint8_t uu____1[34U]; - memcpy(uu____1, out, (size_t)34U * sizeof (uint8_t)); - memcpy(ret, uu____1, (size_t)34U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)34U * sizeof(uint8_t)); + memcpy(ret, uu____1, (size_t)34U * sizeof(uint8_t)); } -void libcrux_kyber_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]) +void +libcrux_kyber_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]) { if (false) - if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)33U)) - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); + if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)33U)) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); KRML_HOST_EXIT(255U); } uint8_t out[33U]; for (size_t i = (size_t)0U; i < (size_t)33U; i++) out[i] = 0U; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)33U, + uint8_t* uu____0 = out; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)33U, uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = 
core_slice___Slice_T___len(slice, uint8_t) }), uint8_t, core_ops_range_Range__size_t), slice, uint8_t); uint8_t uu____1[33U]; - memcpy(uu____1, out, (size_t)33U * sizeof (uint8_t)); - memcpy(ret, uu____1, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)33U * sizeof(uint8_t)); + memcpy(ret, uu____1, (size_t)33U * sizeof(uint8_t)); } -void libcrux_kyber_hash_functions_PRF___128size_t(Eurydice_slice input, uint8_t ret[128U]) +void +libcrux_kyber_hash_functions_PRF___128size_t(Eurydice_slice input, + uint8_t ret[128U]) { uint8_t ret0[128U]; libcrux_digest_shake256((size_t)128U, input, ret0); - memcpy(ret, ret0, (size_t)128U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)128U * sizeof(uint8_t)); } void libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t( Eurydice_slice randomness, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t uu____0[256U]; Eurydice_slice uu____1; Eurydice_slice uu____2; - switch ((uint32_t)(size_t)2U) - { - case 2U: - { - uu____1 = randomness; - libcrux_kyber_sampling_sample_from_binomial_distribution_2(uu____1, uu____0); - break; - } - case 3U: - { - uu____2 = randomness; - libcrux_kyber_sampling_sample_from_binomial_distribution_3(uu____2, uu____0); - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + switch ((uint32_t)(size_t)2U) { + case 2U: { + uu____1 = randomness; + libcrux_kyber_sampling_sample_from_binomial_distribution_2(uu____1, + uu____0); + break; + } + case 3U: { + uu____2 = randomness; + libcrux_kyber_sampling_sample_from_binomial_distribution_3(uu____2, + uu____0); + break; + } + default: { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } } - memcpy(ret, uu____0, (size_t)256U * sizeof (int32_t)); + memcpy(ret, uu____0, (size_t)256U * sizeof(int32_t)); } K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t 
libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t( uint8_t prf_input[33U], - uint8_t domain_separator -) + uint8_t domain_separator) { int32_t re_as_ntt[3U][256U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(re_as_ntt[i], + memcpy( + re_as_ntt[i], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; prf_input[32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U; uint8_t prf_output[128U]; - libcrux_kyber_hash_functions_PRF___128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t), - prf_output); + libcrux_kyber_hash_functions_PRF___128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); int32_t r[256U]; - libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t), - r); + libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t), r); int32_t uu____1[256U]; libcrux_kyber_ntt_ntt_binomially_sampled_ring_element(r, uu____1); - memcpy(re_as_ntt[i], uu____1, (size_t)256U * sizeof 
(int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + memcpy(re_as_ntt[i], uu____1, (size_t)256U * sizeof(int32_t)); } } int32_t uu____2[3U][256U]; - memcpy(uu____2, re_as_ntt, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____2, re_as_ntt, (size_t)3U * sizeof(int32_t[256U])); K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t lit; - memcpy(lit.fst, uu____2, (size_t)3U * sizeof (int32_t [256U])); + memcpy(lit.fst, uu____2, (size_t)3U * sizeof(int32_t[256U])); lit.snd = domain_separator; return lit; } void -libcrux_kyber_arithmetic_add_to_ring_element___3size_t( - int32_t lhs[256U], - int32_t (*rhs)[256U], - int32_t ret[256U] -) +libcrux_kyber_arithmetic_add_to_ring_element___3size_t(int32_t lhs[256U], + int32_t (*rhs)[256U], + int32_t ret[256U]) { core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)256U, lhs, int32_t), - int32_t); - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)256U, lhs, int32_t), int32_t); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; size_t uu____1 = i; lhs[uu____1] = lhs[uu____1] + rhs[0U][i]; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, lhs, (size_t)256U * sizeof (int32_t)); + memcpy(ret, lhs, 
(size_t)256U * sizeof(int32_t)); } void -libcrux_kyber_matrix_compute_As_plus_e___3size_t( - int32_t (*matrix_A)[3U][256U], - int32_t (*s_as_ntt)[256U], - int32_t (*error_as_ntt)[256U], - int32_t ret[3U][256U] -) +libcrux_kyber_matrix_compute_As_plus_e___3size_t(int32_t (*matrix_A)[3U][256U], + int32_t (*s_as_ntt)[256U], + int32_t (*error_as_ntt)[256U], + int32_t ret[3U][256U]) { int32_t result[3U][256U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(result[i], + memcpy( + result[i], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); + (size_t)256U * sizeof(int32_t)); core_ops_range_Range__size_t lit0; lit0.start = (size_t)0U; - lit0.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - matrix_A, - Eurydice_error_t_cg_array), - int32_t [3U][256U]); - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit0, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit0.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)3U, matrix_A, Eurydice_error_t_cg_array), + int32_t[3U][256U]); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit0, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - int32_t (*row)[256U] = matrix_A[i]; + int32_t(*row)[256U] = matrix_A[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, row, int32_t [256U]), - int32_t [256U]); - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - 
core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)3U, row, int32_t[256U]), int32_t[256U]); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t j = uu____1.f0; - int32_t (*matrix_element)[256U] = &row[j]; + int32_t(*matrix_element)[256U] = &row[j]; int32_t product[256U]; libcrux_kyber_ntt_ntt_multiply(matrix_element, &s_as_ntt[j], product); int32_t uu____2[256U]; - libcrux_kyber_arithmetic_add_to_ring_element___3size_t(result[i], &product, uu____2); - memcpy(result[i], uu____2, (size_t)256U * sizeof (int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_arithmetic_add_to_ring_element___3size_t( + result[i], &product, uu____2); + memcpy(result[i], uu____2, (size_t)256U * sizeof(int32_t)); } } - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - } - ), + core_ops_range_Range__size_t iter0 = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____3 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + while (true) { + core_option_Option__size_t uu____3 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____3.tag == core_option_None) break; - else if (uu____3.tag == 
core_option_Some) - { + else { size_t j = uu____3.f0; - int32_t - coefficient_normal_form = libcrux_kyber_arithmetic_to_standard_domain(result[i][j]); - int32_t - uu____4 = - libcrux_kyber_arithmetic_barrett_reduce(coefficient_normal_form + error_as_ntt[i][j]); + int32_t coefficient_normal_form = + libcrux_kyber_arithmetic_to_standard_domain(result[i][j]); + int32_t uu____4 = libcrux_kyber_arithmetic_barrett_reduce( + coefficient_normal_form + error_as_ntt[i][j]); result[i][j] = uu____4; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } int32_t uu____5[3U][256U]; - memcpy(uu____5, result, (size_t)3U * sizeof (int32_t [256U])); - memcpy(ret, uu____5, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____5, result, (size_t)3U * sizeof(int32_t[256U])); + memcpy(ret, uu____5, (size_t)3U * sizeof(int32_t[256U])); } void libcrux_kyber_ind_cpa_serialize_secret_key___3size_t_1152size_t( int32_t key[3U][256U], - uint8_t ret[1152U] -) + uint8_t ret[1152U]) { uint8_t out[1152U]; for (size_t i = (size_t)0U; i < (size_t)1152U; i++) out[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, key, int32_t [256U]), - int32_t [256U]); - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)3U, key, int32_t[256U]), int32_t[256U]); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + 
core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - int32_t (*re)[256U] = &key[i]; - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)1152U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT, - .end = (i + (size_t)1U) * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t); + int32_t re[256U]; + memcpy(re, key[i], (size_t)256U * sizeof(int32_t)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)1152U, + out, + ((core_ops_range_Range__size_t){ + .start = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT, + .end = (i + (size_t)1U) * + libcrux_kyber_constants_BYTES_PER_RING_ELEMENT }), + uint8_t, + core_ops_range_Range__size_t); uint8_t ret[384U]; - libcrux_kyber_serialize_serialize_uncompressed_ring_element(re[0U], ret); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_slice((size_t)384U, ret, uint8_t), - uint8_t); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_serialize_serialize_uncompressed_ring_element(re, ret); + core_slice___Slice_T___copy_from_slice( + uu____1, Eurydice_array_to_slice((size_t)384U, ret, uint8_t), uint8_t); } } uint8_t uu____2[1152U]; - memcpy(uu____2, out, (size_t)1152U * sizeof (uint8_t)); - memcpy(ret, uu____2, (size_t)1152U * sizeof (uint8_t)); + memcpy(uu____2, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, uu____2, (size_t)1152U * sizeof(uint8_t)); } void libcrux_kyber_ind_cpa_serialize_public_key___3size_t_1152size_t_1184size_t( int32_t t_as_ntt[3U][256U], Eurydice_slice seed_for_a, - uint8_t ret[1184U] -) + uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U]; for (size_t i = (size_t)0U; i < (size_t)1184U; i++) public_key_serialized[i] = 0U; - 
Eurydice_slice - uu____0 = + Eurydice_slice uu____0 = Eurydice_array_to_subslice((size_t)1184U, - public_key_serialized, - ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1152U }), - uint8_t, - core_ops_range_Range__size_t); + public_key_serialized, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)1152U }), + uint8_t, + core_ops_range_Range__size_t); int32_t uu____1[3U][256U]; - memcpy(uu____1, t_as_ntt, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____1, t_as_ntt, (size_t)3U * sizeof(int32_t[256U])); uint8_t ret0[1152U]; - libcrux_kyber_ind_cpa_serialize_secret_key___3size_t_1152size_t(uu____1, ret0); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), - uint8_t); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)1184U, - public_key_serialized, - (size_t)1152U, - uint8_t, - size_t), + libcrux_kyber_ind_cpa_serialize_secret_key___3size_t_1152size_t(uu____1, + ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, uint8_t, size_t), seed_for_a, uint8_t); uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); - memcpy(ret, uu____2, (size_t)1184U * sizeof (uint8_t)); + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, uu____2, (size_t)1184U * sizeof(uint8_t)); } K___uint8_t_1152size_t__uint8_t_1184size_t_ libcrux_kyber_ind_cpa_generate_keypair___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( - Eurydice_slice key_generation_seed -) + Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_kyber_hash_functions_G(key_generation_seed, hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - 
core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t); Eurydice_slice seed_for_A = uu____0.fst; 
@@ -3624,46 +3171,45 @@ libcrux_kyber_ind_cpa_generate_keypair___3size_t_1152size_t_1184size_t_1152size_ libcrux_kyber_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); libcrux_kyber_matrix_sample_matrix_A___3size_t(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_kyber_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); + libcrux_kyber_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t - uu____2 = - libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t(uu____1, - 0U); + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t uu____2 = + libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t( + uu____1, 0U); int32_t secret_as_ntt[3U][256U]; - memcpy(secret_as_ntt, uu____2.fst, (size_t)3U * sizeof (int32_t [256U])); + memcpy(secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(int32_t[256U])); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof (uint8_t)); + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); int32_t error_as_ntt[3U][256U]; - memcpy(error_as_ntt, - libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t(uu____3, - domain_separator).fst, - (size_t)3U * sizeof (int32_t [256U])); - int32_t t_as_ntt[3U][256U]; - libcrux_kyber_matrix_compute_As_plus_e___3size_t(A_transpose, - secret_as_ntt, + memcpy( error_as_ntt, - t_as_ntt); + libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * sizeof(int32_t[256U])); + int32_t t_as_ntt[3U][256U]; + libcrux_kyber_matrix_compute_As_plus_e___3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); int32_t uu____4[3U][256U]; 
- memcpy(uu____4, t_as_ntt, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____4, t_as_ntt, (size_t)3U * sizeof(int32_t[256U])); uint8_t public_key_serialized[1184U]; - libcrux_kyber_ind_cpa_serialize_public_key___3size_t_1152size_t_1184size_t(uu____4, - seed_for_A, - public_key_serialized); + libcrux_kyber_ind_cpa_serialize_public_key___3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); int32_t uu____5[3U][256U]; - memcpy(uu____5, secret_as_ntt, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____5, secret_as_ntt, (size_t)3U * sizeof(int32_t[256U])); uint8_t secret_key_serialized[1152U]; - libcrux_kyber_ind_cpa_serialize_secret_key___3size_t_1152size_t(uu____5, - secret_key_serialized); + libcrux_kyber_ind_cpa_serialize_secret_key___3size_t_1152size_t( + uu____5, secret_key_serialized); uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof (uint8_t)); + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof (uint8_t)); + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -3672,199 +3218,184 @@ libcrux_kyber_serialize_kem_secret_key___2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, - uint8_t ret[2400U] -) + uint8_t ret[2400U]) { uint8_t out[2400U]; for (size_t i = (size_t)0U; i < (size_t)2400U; i++) out[i] = 0U; size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; + uint8_t* uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, - ( - (core_ops_range_Range__size_t){ - .start = uu____1, - .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + core_slice___Slice_T___len(private_key, uint8_t) }), uint8_t, core_ops_range_Range__size_t), private_key, uint8_t); pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t); - uint8_t *uu____3 = out; + uint8_t* uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, - ( - (core_ops_range_Range__size_t){ - .start = uu____4, - .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + core_slice___Slice_T___len(public_key, uint8_t) }), uint8_t, core_ops_range_Range__size_t), public_key, uint8_t); pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t); - Eurydice_slice - uu____6 = - Eurydice_array_to_subslice((size_t)2400U, - out, - ( - (core_ops_range_Range__size_t){ - .start = pointer, - .end = pointer + libcrux_kyber_constants_H_DIGEST_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + 
(size_t)2400U, + out, + ((core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + libcrux_kyber_constants_H_DIGEST_SIZE }), + uint8_t, + core_ops_range_Range__size_t); uint8_t ret0[32U]; libcrux_kyber_hash_functions_H(public_key, ret0); - core_slice___Slice_T___copy_from_slice(uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), - uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + libcrux_kyber_constants_H_DIGEST_SIZE; - uint8_t *uu____7 = out; + uint8_t* uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)2400U, + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, - ( - (core_ops_range_Range__size_t){ - .start = uu____8, - .end = uu____9 + core_slice___Slice_T___len(implicit_rejection_value, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + + core_slice___Slice_T___len(implicit_rejection_value, uint8_t) }), uint8_t, core_ops_range_Range__size_t), implicit_rejection_value, uint8_t); uint8_t uu____10[2400U]; - memcpy(uu____10, out, (size_t)2400U * sizeof (uint8_t)); - memcpy(ret, uu____10, (size_t)2400U * sizeof (uint8_t)); + memcpy(uu____10, out, (size_t)2400U * sizeof(uint8_t)); + memcpy(ret, uu____10, (size_t)2400U * sizeof(uint8_t)); } void libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__8__from___2400size_t( uint8_t value[2400U], - uint8_t ret[2400U] -) + uint8_t ret[2400U]) { uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof (uint8_t)); - memcpy(ret, uu____0, (size_t)2400U * sizeof (uint8_t)); + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + memcpy(ret, uu____0, (size_t)2400U * sizeof(uint8_t)); } libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t 
libcrux_kyber_types__libcrux_kyber__types__KyberKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( uint8_t sk[2400U], - uint8_t pk[1184U] -) + uint8_t pk[1184U]) { libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t lit; - memcpy(lit.sk, sk, (size_t)2400U * sizeof (uint8_t)); - memcpy(lit.pk, pk, (size_t)1184U * sizeof (uint8_t)); + memcpy(lit.sk, sk, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.pk, pk, (size_t)1184U * sizeof(uint8_t)); return lit; } libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t libcrux_kyber_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( - uint8_t randomness[64U] -) + uint8_t randomness[64U]) { - Eurydice_slice - ind_cpa_keypair_randomness = - Eurydice_array_to_subslice((size_t)64U, - randomness, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - ), - uint8_t, - core_ops_range_Range__size_t); - Eurydice_slice - implicit_rejection_value = - Eurydice_array_to_subslice_from((size_t)64U, - randomness, - libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE, - uint8_t, - size_t); - K___uint8_t_1152size_t__uint8_t_1184size_t_ - uu____0 = - libcrux_kyber_ind_cpa_generate_keypair___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t(ind_cpa_keypair_randomness); + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, + randomness, + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE }), + uint8_t, + core_ops_range_Range__size_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, + randomness, + libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE, + uint8_t, + size_t); + K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + libcrux_kyber_ind_cpa_generate_keypair___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + 
ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof (uint8_t)); + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof (uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t); + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t); uint8_t secret_key_serialized[2400U]; - libcrux_kyber_serialize_kem_secret_key___2400size_t(uu____1, + libcrux_kyber_serialize_kem_secret_key___2400size_t( + uu____1, Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof (uint8_t)); + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); uint8_t private_key[2400U]; - libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__8__from___2400size_t(uu____2, - private_key); + libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__8__from___2400size_t( + uu____2, private_key); uint8_t uu____3[2400U]; - memcpy(uu____3, private_key, (size_t)2400U * sizeof (uint8_t)); + memcpy(uu____3, private_key, (size_t)2400U * sizeof(uint8_t)); uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof (uint8_t)); - return - libcrux_kyber_types__libcrux_kyber__types__KyberKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t(uu____3, - uu____4); + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_kyber_types__libcrux_kyber__types__KyberKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, uu____4); } libcrux_kyber_types_KyberKeyPair___2400size_t_1184size_t 
libcrux_kyber_kyber768_generate_key_pair_768(uint8_t randomness[64U]) { uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof (uint8_t)); - return - libcrux_kyber_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t(uu____0); + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_kyber_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); } -void libcrux_kyber_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]) +void +libcrux_kyber_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]) { if (false) - if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)64U)) - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); + if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)64U)) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); KRML_HOST_EXIT(255U); } uint8_t out[64U]; for (size_t i = (size_t)0U; i < (size_t)64U; i++) out[i] = 0U; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)64U, + uint8_t* uu____0 = out; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)64U, uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t) }), uint8_t, core_ops_range_Range__size_t), slice, uint8_t); uint8_t uu____1[64U]; - memcpy(uu____1, out, (size_t)64U * sizeof (uint8_t)); - memcpy(ret, uu____1, (size_t)64U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)64U * sizeof(uint8_t)); + memcpy(ret, uu____1, (size_t)64U * sizeof(uint8_t)); } -uint8_t -*libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t( - uint8_t 
(*self)[1184U] -) +uint8_t* +libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t( + uint8_t (*self)[1184U]) { return self[0U]; } 
@@ -3872,117 +3403,90 @@ uint8_t void libcrux_kyber_ind_cpa_deserialize_public_key___3size_t_1152size_t( Eurydice_slice public_key, - int32_t ret[3U][256U] -) + int32_t ret[3U][256U]) { int32_t t_as_ntt[3U][256U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(t_as_ntt[i], + memcpy( + t_as_ntt[i], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(public_key, - uint8_t) - / libcrux_kyber_constants_BYTES_PER_RING_ELEMENT - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(public_key, uint8_t) / + libcrux_kyber_constants_BYTES_PER_RING_ELEMENT }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - t_as_ntt_bytes = - Eurydice_slice_subslice(public_key, - ( - (core_ops_range_Range__size_t){ - .start = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT, - .end = i - * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT - + libcrux_kyber_constants_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t); + Eurydice_slice t_as_ntt_bytes = Eurydice_slice_subslice( + public_key, + ((core_ops_range_Range__size_t){ + .start = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT, + .end = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT + + 
libcrux_kyber_constants_BYTES_PER_RING_ELEMENT }), + uint8_t, + core_ops_range_Range__size_t); int32_t uu____1[256U]; - libcrux_kyber_serialize_deserialize_to_uncompressed_ring_element(t_as_ntt_bytes, uu____1); - memcpy(t_as_ntt[i], uu____1, (size_t)256U * sizeof (int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_serialize_deserialize_to_uncompressed_ring_element( + t_as_ntt_bytes, uu____1); + memcpy(t_as_ntt[i], uu____1, (size_t)256U * sizeof(int32_t)); } } int32_t uu____2[3U][256U]; - memcpy(uu____2, t_as_ntt, (size_t)3U * sizeof (int32_t [256U])); - memcpy(ret, uu____2, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____2, t_as_ntt, (size_t)3U * sizeof(int32_t[256U])); + memcpy(ret, uu____2, (size_t)3U * sizeof(int32_t[256U])); } void libcrux_kyber_ind_cpa_sample_ring_element_cbd___3size_t_128size_t_2size_t( - uint8_t *prf_input, - uint8_t *domain_separator, - int32_t ret[3U][256U] -) + uint8_t* prf_input, + uint8_t* domain_separator, + int32_t ret[3U][256U]) { int32_t error_1[3U][256U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(error_1[i], + memcpy( + error_1[i], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if 
(uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; prf_input[32U] = domain_separator[0U]; domain_separator[0U] = (uint32_t)domain_separator[0U] + 1U; uint8_t prf_output[128U]; - libcrux_kyber_hash_functions_PRF___128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t), - prf_output); + libcrux_kyber_hash_functions_PRF___128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); int32_t uu____1[256U]; - libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t), - uu____1); - memcpy(error_1[i], uu____1, (size_t)256U * sizeof (int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t), uu____1); + memcpy(error_1[i], uu____1, (size_t)256U * sizeof(int32_t)); } } int32_t uu____2[3U][256U]; - memcpy(uu____2, error_1, (size_t)3U * sizeof (int32_t [256U])); - memcpy(ret, uu____2, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____2, error_1, (size_t)3U * sizeof(int32_t[256U])); + memcpy(ret, uu____2, (size_t)3U * sizeof(int32_t[256U])); } -void libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(int32_t re[256U], int32_t ret[256U]) +void +libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(int32_t re[256U], + int32_t ret[256U]) { - size_t zeta_i = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + size_t zeta_i = + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; libcrux_kyber_ntt_invert_ntt_at_layer(&zeta_i, re, (size_t)1U, re); libcrux_kyber_ntt_invert_ntt_at_layer(&zeta_i, re, (size_t)2U, re); libcrux_kyber_ntt_invert_ntt_at_layer(&zeta_i, re, (size_t)3U, re); 
@@ -3990,284 +3494,207 @@ void libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(int32_t re[256U], int32_t libcrux_kyber_ntt_invert_ntt_at_layer(&zeta_i, re, (size_t)5U, re); libcrux_kyber_ntt_invert_ntt_at_layer(&zeta_i, re, (size_t)6U, re); libcrux_kyber_ntt_invert_ntt_at_layer(&zeta_i, re, (size_t)7U, re); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)8U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; int32_t uu____1 = libcrux_kyber_arithmetic_barrett_reduce(re[i]); re[i] = uu____1; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } void -libcrux_kyber_matrix_compute_vector_u___3size_t( - int32_t (*a_as_ntt)[3U][256U], - int32_t (*r_as_ntt)[256U], - int32_t (*error_1)[256U], - int32_t ret[3U][256U] -) +libcrux_kyber_matrix_compute_vector_u___3size_t(int32_t (*a_as_ntt)[3U][256U], + int32_t (*r_as_ntt)[256U], + int32_t (*error_1)[256U], + int32_t ret[3U][256U]) { int32_t result[3U][256U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(result[i], + memcpy( + result[i], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); + (size_t)256U * sizeof(int32_t)); 
core_ops_range_Range__size_t lit0; lit0.start = (size_t)0U; - lit0.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, - a_as_ntt, - Eurydice_error_t_cg_array), - int32_t [3U][256U]); - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit0, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit0.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)3U, a_as_ntt, Eurydice_error_t_cg_array), + int32_t[3U][256U]); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit0, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - int32_t (*row)[256U] = a_as_ntt[i]; + int32_t(*row)[256U] = a_as_ntt[i]; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, row, int32_t [256U]), - int32_t [256U]); - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)3U, row, int32_t[256U]), int32_t[256U]); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t j = uu____1.f0; - int32_t (*a_element)[256U] = &row[j]; + int32_t(*a_element)[256U] = 
&row[j]; int32_t product[256U]; libcrux_kyber_ntt_ntt_multiply(a_element, &r_as_ntt[j], product); int32_t uu____2[256U]; - libcrux_kyber_arithmetic_add_to_ring_element___3size_t(result[i], &product, uu____2); - memcpy(result[i], uu____2, (size_t)256U * sizeof (int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_arithmetic_add_to_ring_element___3size_t( + result[i], &product, uu____2); + memcpy(result[i], uu____2, (size_t)256U * sizeof(int32_t)); } } int32_t uu____3[256U]; libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(result[i], uu____3); - memcpy(result[i], uu____3, (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - } - ), + memcpy(result[i], uu____3, (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter0 = + core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT }), core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____4 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + while (true) { + core_option_Option__size_t uu____4 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____4.tag == core_option_None) break; - else if (uu____4.tag == core_option_Some) - { + else { size_t j = uu____4.f0; - int32_t - coefficient_normal_form = - libcrux_kyber_arithmetic_montgomery_reduce(result[i][j] * (int32_t)1441); - int32_t - uu____5 = libcrux_kyber_arithmetic_barrett_reduce(coefficient_normal_form + error_1[i][j]); + int32_t coefficient_normal_form = + libcrux_kyber_arithmetic_montgomery_reduce(result[i][j] * + (int32_t)1441); + int32_t uu____5 = libcrux_kyber_arithmetic_barrett_reduce( + 
coefficient_normal_form + error_1[i][j]); result[i][j] = uu____5; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } int32_t uu____6[3U][256U]; - memcpy(uu____6, result, (size_t)3U * sizeof (int32_t [256U])); - memcpy(ret, uu____6, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____6, result, (size_t)3U * sizeof(int32_t[256U])); + memcpy(ret, uu____6, (size_t)3U * sizeof(int32_t[256U])); } void -libcrux_kyber_matrix_compute_ring_element_v___3size_t( - int32_t (*t_as_ntt)[256U], - int32_t (*r_as_ntt)[256U], - int32_t (*error_2)[256U], - int32_t (*message)[256U], - int32_t ret[256U] -) +libcrux_kyber_matrix_compute_ring_element_v___3size_t(int32_t (*t_as_ntt)[256U], + int32_t (*r_as_ntt)[256U], + int32_t (*error_2)[256U], + int32_t (*message)[256U], + int32_t ret[256U]) { int32_t result[256U]; - memcpy(result, + memcpy( + result, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; int32_t product[256U]; 
libcrux_kyber_ntt_ntt_multiply(&t_as_ntt[i], &r_as_ntt[i], product); - libcrux_kyber_arithmetic_add_to_ring_element___3size_t(result, &product, result); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_arithmetic_add_to_ring_element___3size_t( + result, &product, result); } } libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(result, result); - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + core_ops_range_Range__size_t iter0 = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t i = uu____1.f0; - int32_t - coefficient_normal_form = + int32_t coefficient_normal_form = libcrux_kyber_arithmetic_montgomery_reduce(result[i] * (int32_t)1441); - int32_t - uu____2 = - libcrux_kyber_arithmetic_barrett_reduce(coefficient_normal_form - + error_2[0U][i] - + message[0U][i]); + int32_t uu____2 = libcrux_kyber_arithmetic_barrett_reduce( + coefficient_normal_form + error_2[0U][i] + message[0U][i]); result[i] = uu____2; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, result, (size_t)256U * sizeof (int32_t)); + memcpy(ret, result, (size_t)256U * sizeof(int32_t)); } void 
libcrux_kyber_serialize_compress_then_serialize_10___320size_t( int32_t re[256U], - uint8_t ret[320U] -) + uint8_t ret[320U]) { uint8_t serialized[320U]; for (size_t i = (size_t)0U; i < (size_t)320U; i++) serialized[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)256U, re, int32_t), - int32_t) - / (size_t)4U; - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)256U, re, int32_t), int32_t) / + (size_t)4U; + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - coefficients = - Eurydice_array_to_subslice((size_t)256U, - re, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)4U, - .end = i * (size_t)4U + (size_t)4U - } - ), - int32_t, - core_ops_range_Range__size_t); - int32_t - coefficient1 = - libcrux_kyber_compress_compress_ciphertext_coefficient(10U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)0U, - int32_t))); - int32_t - coefficient2 = - libcrux_kyber_compress_compress_ciphertext_coefficient(10U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)1U, - int32_t))); - int32_t - coefficient3 = - libcrux_kyber_compress_compress_ciphertext_coefficient(10U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)2U, - int32_t))); - int32_t - 
coefficient4 = - libcrux_kyber_compress_compress_ciphertext_coefficient(10U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)3U, - int32_t))); - K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t - uu____1 = - libcrux_kyber_serialize_compress_coefficients_10(coefficient1, - coefficient2, - coefficient3, - coefficient4); + Eurydice_slice coefficients = Eurydice_array_to_subslice( + (size_t)256U, + re, + ((core_ops_range_Range__size_t){ .start = i * (size_t)4U, + .end = i * (size_t)4U + (size_t)4U }), + int32_t, + core_ops_range_Range__size_t); + int32_t coefficient1 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 10U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)0U, int32_t))); + int32_t coefficient2 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 10U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)1U, int32_t))); + int32_t coefficient3 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 10U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)2U, int32_t))); + int32_t coefficient4 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 10U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)3U, int32_t))); + K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t uu____1 = + libcrux_kyber_serialize_compress_coefficients_10( + coefficient1, coefficient2, coefficient3, coefficient4); uint8_t coef1 = uu____1.fst; uint8_t coef2 = uu____1.snd; uint8_t coef3 = uu____1.thd; 
@@ -4279,113 +3706,91 @@ libcrux_kyber_serialize_compress_then_serialize_10___320size_t( serialized[(size_t)5U * i + (size_t)3U] = coef4; serialized[(size_t)5U * i + (size_t)4U] = coef5; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } uint8_t uu____2[320U]; - memcpy(uu____2, serialized, (size_t)320U * sizeof (uint8_t)); - memcpy(ret, uu____2, (size_t)320U * sizeof (uint8_t)); + memcpy(uu____2, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, uu____2, (size_t)320U * sizeof(uint8_t)); } void libcrux_kyber_serialize_compress_then_serialize_11___320size_t( int32_t re[256U], - uint8_t ret[320U] -) + uint8_t ret[320U]) { uint8_t serialized[320U]; for (size_t i = (size_t)0U; i < (size_t)320U; i++) serialized[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)256U, re, int32_t), - int32_t) - / (size_t)8U; - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)256U, re, int32_t), int32_t) / + (size_t)8U; + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - coefficients = - Eurydice_array_to_subslice((size_t)256U, - re, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)8U, - .end = i * (size_t)8U + (size_t)8U - } - ), - int32_t, - core_ops_range_Range__size_t); - int32_t - coefficient1 = - 
libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)0U, - int32_t))); - int32_t - coefficient2 = - libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)1U, - int32_t))); - int32_t - coefficient3 = - libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)2U, - int32_t))); - int32_t - coefficient4 = - libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)3U, - int32_t))); - int32_t - coefficient5 = - libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)4U, - int32_t))); - int32_t - coefficient6 = - libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)5U, - int32_t))); - int32_t - coefficient7 = - libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)6U, - int32_t))); - int32_t - coefficient8 = - libcrux_kyber_compress_compress_ciphertext_coefficient(11U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)7U, - int32_t))); + Eurydice_slice coefficients = Eurydice_array_to_subslice( + (size_t)256U, + re, + ((core_ops_range_Range__size_t){ .start = i * (size_t)8U, + .end = i * (size_t)8U + (size_t)8U }), + int32_t, + core_ops_range_Range__size_t); + int32_t coefficient1 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + 
Eurydice_slice_index(coefficients, (size_t)0U, int32_t))); + int32_t coefficient2 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)1U, int32_t))); + int32_t coefficient3 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)2U, int32_t))); + int32_t coefficient4 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)3U, int32_t))); + int32_t coefficient5 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)4U, int32_t))); + int32_t coefficient6 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)5U, int32_t))); + int32_t coefficient7 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)6U, int32_t))); + int32_t coefficient8 = + libcrux_kyber_compress_compress_ciphertext_coefficient( + 11U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)7U, int32_t))); K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t_uint8_t - uu____1 = - libcrux_kyber_serialize_compress_coefficients_11(coefficient1, - coefficient2, - coefficient3, - coefficient4, - coefficient5, - coefficient6, - coefficient7, - coefficient8); + uu____1 = + libcrux_kyber_serialize_compress_coefficients_11(coefficient1, + coefficient2, + coefficient3, + coefficient4, + coefficient5, + coefficient6, + coefficient7, + coefficient8); uint8_t coef1 = 
uu____1.fst; uint8_t coef2 = uu____1.snd; uint8_t coef3 = uu____1.thd; 
@@ -4409,264 +3814,208 @@ libcrux_kyber_serialize_compress_then_serialize_11___320size_t( serialized[(size_t)11U * i + (size_t)9U] = coef10; serialized[(size_t)11U * i + (size_t)10U] = coef11; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } uint8_t uu____2[320U]; - memcpy(uu____2, serialized, (size_t)320U * sizeof (uint8_t)); - memcpy(ret, uu____2, (size_t)320U * sizeof (uint8_t)); + memcpy(uu____2, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, uu____2, (size_t)320U * sizeof(uint8_t)); } void libcrux_kyber_serialize_compress_then_serialize_ring_element_u___10size_t_320size_t( int32_t re[256U], - uint8_t ret[320U] -) + uint8_t ret[320U]) { uint8_t uu____0[320U]; int32_t uu____1[256U]; int32_t uu____2[256U]; - switch ((uint32_t)(size_t)10U) - { - case 10U: - { - memcpy(uu____1, re, (size_t)256U * sizeof (int32_t)); - libcrux_kyber_serialize_compress_then_serialize_10___320size_t(uu____1, uu____0); - break; - } - case 11U: - { - memcpy(uu____2, re, (size_t)256U * sizeof (int32_t)); - libcrux_kyber_serialize_compress_then_serialize_11___320size_t(uu____2, uu____0); - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + switch ((uint32_t)(size_t)10U) { + case 10U: { + memcpy(uu____1, re, (size_t)256U * sizeof(int32_t)); + libcrux_kyber_serialize_compress_then_serialize_10___320size_t(uu____1, + uu____0); + break; + } + case 11U: { + memcpy(uu____2, re, (size_t)256U * sizeof(int32_t)); + libcrux_kyber_serialize_compress_then_serialize_11___320size_t(uu____2, + uu____0); + break; + } + default: { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } } - memcpy(ret, uu____0, (size_t)320U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } void 
libcrux_kyber_ind_cpa_compress_then_serialize_u___3size_t_960size_t_10size_t_320size_t( int32_t input[3U][256U], - uint8_t ret[960U] -) + uint8_t ret[960U]) { uint8_t out[960U]; for (size_t i = (size_t)0U; i < (size_t)960U; i++) out[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)3U, input, int32_t [256U]), - int32_t [256U]); - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)3U, input, int32_t[256U]), int32_t[256U]); + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - int32_t (*re)[256U] = &input[i]; - Eurydice_slice - uu____1 = - Eurydice_array_to_subslice((size_t)960U, - out, - ( - (core_ops_range_Range__size_t){ - .start = i * ((size_t)960U / (size_t)3U), - .end = (i + (size_t)1U) * ((size_t)960U / (size_t)3U) - } - ), - uint8_t, - core_ops_range_Range__size_t); + int32_t re[256U]; + memcpy(re, input[i], (size_t)256U * sizeof(int32_t)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)960U, + out, + ((core_ops_range_Range__size_t){ + .start = i * ((size_t)960U / (size_t)3U), + .end = (i + (size_t)1U) * ((size_t)960U / (size_t)3U) }), + uint8_t, + core_ops_range_Range__size_t); uint8_t ret[320U]; - libcrux_kyber_serialize_compress_then_serialize_ring_element_u___10size_t_320size_t(re[0U], - ret); - core_slice___Slice_T___copy_from_slice(uu____1, - Eurydice_array_to_slice((size_t)320U, 
ret, uint8_t), - uint8_t); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_serialize_compress_then_serialize_ring_element_u___10size_t_320size_t( + re, ret); + core_slice___Slice_T___copy_from_slice( + uu____1, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } uint8_t uu____2[960U]; - memcpy(uu____2, out, (size_t)960U * sizeof (uint8_t)); - memcpy(ret, uu____2, (size_t)960U * sizeof (uint8_t)); + memcpy(uu____2, out, (size_t)960U * sizeof(uint8_t)); + memcpy(ret, uu____2, (size_t)960U * sizeof(uint8_t)); } void -libcrux_kyber_serialize_compress_then_serialize_4___128size_t( - int32_t re[256U], - uint8_t ret[128U] -) +libcrux_kyber_serialize_compress_then_serialize_4___128size_t(int32_t re[256U], + uint8_t ret[128U]) { uint8_t serialized[128U]; for (size_t i = (size_t)0U; i < (size_t)128U; i++) serialized[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)256U, re, int32_t), - int32_t) - / (size_t)2U; - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)256U, re, int32_t), int32_t) / + (size_t)2U; + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - coefficients = - Eurydice_array_to_subslice((size_t)256U, - re, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)2U, - .end = i * 
(size_t)2U + (size_t)2U - } - ), - int32_t, - core_ops_range_Range__size_t); - uint8_t - coefficient1 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(4U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)0U, - int32_t))); - uint8_t - coefficient2 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(4U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)1U, - int32_t))); + Eurydice_slice coefficients = Eurydice_array_to_subslice( + (size_t)256U, + re, + ((core_ops_range_Range__size_t){ .start = i * (size_t)2U, + .end = i * (size_t)2U + (size_t)2U }), + int32_t, + core_ops_range_Range__size_t); + uint8_t coefficient1 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 4U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)0U, int32_t))); + uint8_t coefficient2 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 4U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)1U, int32_t))); serialized[i] = (uint32_t)coefficient2 << 4U | (uint32_t)coefficient1; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } uint8_t uu____1[128U]; - memcpy(uu____1, serialized, (size_t)128U * sizeof (uint8_t)); - memcpy(ret, uu____1, (size_t)128U * sizeof (uint8_t)); + memcpy(uu____1, serialized, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, uu____1, (size_t)128U * sizeof(uint8_t)); } void -libcrux_kyber_serialize_compress_then_serialize_5___128size_t( - int32_t re[256U], - uint8_t ret[128U] -) +libcrux_kyber_serialize_compress_then_serialize_5___128size_t(int32_t re[256U], + uint8_t ret[128U]) { uint8_t serialized[128U]; for (size_t i = (size_t)0U; i < (size_t)128U; i++) serialized[i] = 0U; core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - 
lit.end = - core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)256U, re, int32_t), - int32_t) - / (size_t)8U; - core_ops_range_Range__size_t - iter = core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + lit.end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)256U, re, int32_t), int32_t) / + (size_t)8U; + core_ops_range_Range__size_t iter = + core_iter_traits_collect__I__into_iter(lit, core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - coefficients = - Eurydice_array_to_subslice((size_t)256U, - re, - ( - (core_ops_range_Range__size_t){ - .start = i * (size_t)8U, - .end = i * (size_t)8U + (size_t)8U - } - ), - int32_t, - core_ops_range_Range__size_t); - uint8_t - coefficient1 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)0U, - int32_t))); - uint8_t - coefficient2 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)1U, - int32_t))); - uint8_t - coefficient3 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)2U, - int32_t))); - uint8_t - coefficient4 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)3U, - int32_t))); - uint8_t - coefficient5 = - 
(uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)4U, - int32_t))); - uint8_t - coefficient6 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)5U, - int32_t))); - uint8_t - coefficient7 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)6U, - int32_t))); - uint8_t - coefficient8 = - (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient(5U, - libcrux_kyber_arithmetic_to_unsigned_representative(Eurydice_slice_index(coefficients, - (size_t)7U, - int32_t))); - K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t - uu____1 = + Eurydice_slice coefficients = Eurydice_array_to_subslice( + (size_t)256U, + re, + ((core_ops_range_Range__size_t){ .start = i * (size_t)8U, + .end = i * (size_t)8U + (size_t)8U }), + int32_t, + core_ops_range_Range__size_t); + uint8_t coefficient1 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)0U, int32_t))); + uint8_t coefficient2 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)1U, int32_t))); + uint8_t coefficient3 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)2U, int32_t))); + uint8_t coefficient4 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)3U, int32_t))); + uint8_t coefficient5 = + 
(uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)4U, int32_t))); + uint8_t coefficient6 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)5U, int32_t))); + uint8_t coefficient7 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)6U, int32_t))); + uint8_t coefficient8 = + (uint8_t)libcrux_kyber_compress_compress_ciphertext_coefficient( + 5U, + libcrux_kyber_arithmetic_to_unsigned_representative( + Eurydice_slice_index(coefficients, (size_t)7U, int32_t))); + K___uint8_t_uint8_t_uint8_t_uint8_t_uint8_t uu____1 = libcrux_kyber_serialize_compress_coefficients_5(coefficient2, - coefficient1, - coefficient4, - coefficient3, - coefficient5, - coefficient7, - coefficient6, - coefficient8); + coefficient1, + coefficient4, + coefficient3, + coefficient5, + coefficient7, + coefficient6, + coefficient8); uint8_t coef1 = uu____1.fst; uint8_t coef2 = uu____1.snd; uint8_t coef3 = uu____1.thd; 
@@ -4678,77 +4027,70 @@ libcrux_kyber_serialize_compress_then_serialize_5___128size_t( serialized[(size_t)5U * i + (size_t)3U] = coef4; serialized[(size_t)5U * i + (size_t)4U] = coef5; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } uint8_t uu____2[128U]; - memcpy(uu____2, serialized, (size_t)128U * sizeof (uint8_t)); - memcpy(ret, uu____2, (size_t)128U * sizeof (uint8_t)); + memcpy(uu____2, serialized, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, uu____2, (size_t)128U * sizeof(uint8_t)); } void libcrux_kyber_serialize_compress_then_serialize_ring_element_v___4size_t_128size_t( int32_t re[256U], - uint8_t ret[128U] -) + uint8_t ret[128U]) { uint8_t uu____0[128U]; int32_t uu____1[256U]; int32_t uu____2[256U]; - switch ((uint32_t)(size_t)4U) - { - case 4U: - { - memcpy(uu____1, re, (size_t)256U * sizeof (int32_t)); - libcrux_kyber_serialize_compress_then_serialize_4___128size_t(uu____1, uu____0); - break; - } - case 5U: - { - memcpy(uu____2, re, (size_t)256U * sizeof (int32_t)); - libcrux_kyber_serialize_compress_then_serialize_5___128size_t(uu____2, uu____0); - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + switch ((uint32_t)(size_t)4U) { + case 4U: { + memcpy(uu____1, re, (size_t)256U * sizeof(int32_t)); + libcrux_kyber_serialize_compress_then_serialize_4___128size_t(uu____1, + uu____0); + break; + } + case 5U: { + memcpy(uu____2, re, (size_t)256U * sizeof(int32_t)); + libcrux_kyber_serialize_compress_then_serialize_5___128size_t(uu____2, + uu____0); + break; + } + default: { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } } - memcpy(ret, uu____0, (size_t)128U * sizeof (uint8_t)); + memcpy(ret, uu____0, (size_t)128U * sizeof(uint8_t)); } void -libcrux_kyber_ind_cpa_into_padded_array___1088size_t(Eurydice_slice slice, uint8_t 
ret[1088U]) +libcrux_kyber_ind_cpa_into_padded_array___1088size_t(Eurydice_slice slice, + uint8_t ret[1088U]) { if (false) - if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)1088U)) - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); + if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)1088U)) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); KRML_HOST_EXIT(255U); } uint8_t out[1088U]; for (size_t i = (size_t)0U; i < (size_t)1088U; i++) out[i] = 0U; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1088U, + uint8_t* uu____0 = out; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1088U, uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t) }), uint8_t, core_ops_range_Range__size_t), slice, uint8_t); uint8_t uu____1[1088U]; - memcpy(uu____1, out, (size_t)1088U * sizeof (uint8_t)); - memcpy(ret, uu____1, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)1088U * sizeof(uint8_t)); + memcpy(ret, uu____1, (size_t)1088U * sizeof(uint8_t)); } void 
@@ -4756,12 +4098,13 @@ libcrux_kyber_ind_cpa_encrypt___3size_t_1088size_t_1152size_t_960size_t_128size_ Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U] -) + uint8_t ret[1088U]) { int32_t t_as_ntt[3U][256U]; - libcrux_kyber_ind_cpa_deserialize_public_key___3size_t_1152size_t(public_key, t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_kyber_ind_cpa_deserialize_public_key___3size_t_1152size_t(public_key, + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); int32_t A_transpose[3U][3U][256U]; uint8_t ret0[34U]; libcrux_kyber_ind_cpa_into_padded_array___34size_t(seed, ret0); 
@@ -4769,203 +4112,175 @@ libcrux_kyber_ind_cpa_encrypt___3size_t_1088size_t_1152size_t_960size_t_128size_ uint8_t prf_input[33U]; libcrux_kyber_ind_cpa_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof (uint8_t)); - K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t - uu____1 = - libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t(uu____0, - 0U); + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + K___libcrux_kyber_arithmetic_PolynomialRingElement_3size_t__uint8_t uu____1 = + libcrux_kyber_ind_cpa_sample_vector_cbd_then_ntt___3size_t_2size_t_128size_t( + uu____0, 0U); int32_t r_as_ntt[3U][256U]; - memcpy(r_as_ntt, uu____1.fst, (size_t)3U * sizeof (int32_t [256U])); + memcpy(r_as_ntt, uu____1.fst, (size_t)3U * sizeof(int32_t[256U])); uint8_t domain_separator = uu____1.snd; int32_t error_1[3U][256U]; - libcrux_kyber_ind_cpa_sample_ring_element_cbd___3size_t_128size_t_2size_t(prf_input, - &domain_separator, - error_1); + libcrux_kyber_ind_cpa_sample_ring_element_cbd___3size_t_128size_t_2size_t( + prf_input, &domain_separator, error_1); prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_kyber_hash_functions_PRF___128size_t(Eurydice_array_to_slice((size_t)33U, - prf_input, - uint8_t), - prf_output); + libcrux_kyber_hash_functions_PRF___128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); int32_t error_2[256U]; - libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t(Eurydice_array_to_slice((size_t)128U, - prf_output, - uint8_t), - error_2); + libcrux_kyber_sampling_sample_from_binomial_distribution___2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t), error_2); int32_t u[3U][256U]; - libcrux_kyber_matrix_compute_vector_u___3size_t(A_transpose, r_as_ntt, error_1, u); + libcrux_kyber_matrix_compute_vector_u___3size_t( + A_transpose, r_as_ntt, error_1, u); uint8_t 
uu____2[32U]; - memcpy(uu____2, message, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____2, message, (size_t)32U * sizeof(uint8_t)); int32_t message_as_ring_element[256U]; - libcrux_kyber_serialize_deserialize_then_decompress_message(uu____2, message_as_ring_element); + libcrux_kyber_serialize_deserialize_then_decompress_message( + uu____2, message_as_ring_element); int32_t v[256U]; - libcrux_kyber_matrix_compute_ring_element_v___3size_t(t_as_ntt, - r_as_ntt, - &error_2, - &message_as_ring_element, - v); + libcrux_kyber_matrix_compute_ring_element_v___3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element, v); int32_t uu____3[3U][256U]; - memcpy(uu____3, u, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____3, u, (size_t)3U * sizeof(int32_t[256U])); uint8_t c1[960U]; - libcrux_kyber_ind_cpa_compress_then_serialize_u___3size_t_960size_t_10size_t_320size_t(uu____3, - c1); + libcrux_kyber_ind_cpa_compress_then_serialize_u___3size_t_960size_t_10size_t_320size_t( + uu____3, c1); uint8_t c2[128U]; - libcrux_kyber_serialize_compress_then_serialize_ring_element_v___4size_t_128size_t(v, c2); + libcrux_kyber_serialize_compress_then_serialize_ring_element_v___4size_t_128size_t( + v, c2); uint8_t ciphertext[1088U]; - libcrux_kyber_ind_cpa_into_padded_array___1088size_t(Eurydice_array_to_slice((size_t)960U, - c1, - uint8_t), - ciphertext); - Eurydice_slice - uu____4 = - Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t); - core_slice___Slice_T___copy_from_slice(uu____4, + libcrux_kyber_ind_cpa_into_padded_array___1088size_t( + Eurydice_array_to_slice((size_t)960U, c1, uint8_t), ciphertext); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____4, core_array___Array_T__N__23__as_slice((size_t)128U, c2, uint8_t), uint8_t); uint8_t uu____5[1088U]; - memcpy(uu____5, ciphertext, (size_t)1088U * sizeof 
(uint8_t)); - memcpy(ret, uu____5, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____5, ciphertext, (size_t)1088U * sizeof(uint8_t)); + memcpy(ret, uu____5, (size_t)1088U * sizeof(uint8_t)); } K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t_ libcrux_kyber_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uint8_t (*public_key)[1184U], - uint8_t randomness[32U] -) + uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_kyber_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - randomness, - uint8_t), - to_hash); - Eurydice_slice - uu____0 = + libcrux_kyber_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from((size_t)64U, - to_hash, - libcrux_kyber_constants_H_DIGEST_SIZE, - uint8_t, - size_t); + to_hash, + libcrux_kyber_constants_H_DIGEST_SIZE, + uint8_t, + size_t); uint8_t ret[32U]; - libcrux_kyber_hash_functions_H(Eurydice_array_to_slice((size_t)1184U, - libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t(public_key), + libcrux_kyber_hash_functions_H( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t( + public_key), uint8_t), ret); - core_slice___Slice_T___copy_from_slice(uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t), - uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_kyber_hash_functions_G(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + libcrux_kyber_hash_functions_G( + 
Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), libcrux_kyber_constants_SHARED_SECRET_SIZE, uint8_t); Eurydice_slice shared_secret0 = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice - uu____2 = - Eurydice_array_to_slice((size_t)1184U, - libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t(public_key), - uint8_t); + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_kyber_types__libcrux_kyber__types__KyberPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_kyber_ind_cpa_encrypt___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____2, - uu____3, - pseudorandomness, - ciphertext); + libcrux_kyber_ind_cpa_encrypt___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret0, Eurydice_slice, uint8_t [32U]); - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError uu____4 = dst; - if (!(uu____4.tag == core_result_Ok)) - { - if (uu____4.tag == core_result_Err) - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + Eurydice_slice_to_array2(&dst, shared_secret0, Eurydice_slice, uint8_t[32U]); + 
core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError uu____4 = + dst; + if (!(uu____4.tag == core_result_Ok)) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); } - uint8_t ss[32U]; - memcpy(ss, uu____4.val.case_Ok, (size_t)32U * sizeof (uint8_t)); + uint8_t shared_secret1[32U]; + memcpy(shared_secret1, uu____4.val.case_Ok, (size_t)32U * sizeof(uint8_t)); uint8_t shared_secret[32U]; - memcpy(shared_secret, ss, (size_t)32U * sizeof (uint8_t)); + memcpy(shared_secret, shared_secret1, (size_t)32U * sizeof(uint8_t)); uint8_t uu____5[1088U]; - memcpy(uu____5, ciphertext, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____5, ciphertext, (size_t)1088U * sizeof(uint8_t)); uint8_t uu____6[1088U]; - memcpy(uu____6, uu____5, (size_t)1088U * sizeof (uint8_t)); + memcpy(uu____6, uu____5, (size_t)1088U * sizeof(uint8_t)); uint8_t uu____7[32U]; - memcpy(uu____7, shared_secret, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____7, shared_secret, (size_t)32U * sizeof(uint8_t)); K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t_ lit; - memcpy(lit.fst, uu____6, (size_t)1088U * sizeof (uint8_t)); - memcpy(lit.snd, uu____7, (size_t)32U * sizeof (uint8_t)); + memcpy(lit.fst, uu____6, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } K___libcrux_kyber_types_KyberCiphertext__1088size_t___uint8_t_32size_t_ -libcrux_kyber_kyber768_encapsulate_768(uint8_t (*public_key)[1184U], uint8_t randomness[32U]) +libcrux_kyber_kyber768_encapsulate_768(uint8_t (*public_key)[1184U], + uint8_t randomness[32U]) { - uint8_t (*uu____0)[1184U] = public_key; + uint8_t(*uu____0)[1184U] = public_key; uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof (uint8_t)); - return - libcrux_kyber_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____0, - uu____1); + 
memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_kyber_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); } K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__12__split_at___2400size_t( uint8_t (*self)[2400U], - size_t mid -) + size_t mid) { - return - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)2400U, self[0U], uint8_t), - mid, - uint8_t); + return core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, self[0U], uint8_t), mid, uint8_t); } void libcrux_kyber_serialize_deserialize_then_decompress_ring_element_u___10size_t( Eurydice_slice serialized, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t uu____0[256U]; Eurydice_slice uu____1; Eurydice_slice uu____2; - switch ((uint32_t)(size_t)10U) - { - case 10U: - { - uu____1 = serialized; - libcrux_kyber_serialize_deserialize_then_decompress_10(uu____1, uu____0); - break; - } - case 11U: - { - uu____2 = serialized; - libcrux_kyber_serialize_deserialize_then_decompress_11(uu____2, uu____0); - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + switch ((uint32_t)(size_t)10U) { + case 10U: { + uu____1 = serialized; + libcrux_kyber_serialize_deserialize_then_decompress_10(uu____1, uu____0); + break; + } + case 11U: { + uu____2 = serialized; + libcrux_kyber_serialize_deserialize_then_decompress_11(uu____2, uu____0); + break; + } + default: { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } } - memcpy(ret, uu____0, (size_t)256U * sizeof (int32_t)); + memcpy(ret, uu____0, (size_t)256U * sizeof(int32_t)); } -void libcrux_kyber_ntt_ntt_vector_u___10size_t(int32_t re[256U], int32_t ret[256U]) +void 
+libcrux_kyber_ntt_ntt_vector_u___10size_t(int32_t re[256U], int32_t ret[256U]) { size_t zeta_i = (size_t)0U; libcrux_kyber_ntt_ntt_at_layer_3328(&zeta_i, re, (size_t)7U, re); 
@@ -4975,363 +4290,289 @@ void libcrux_kyber_ntt_ntt_vector_u___10size_t(int32_t re[256U], int32_t ret[256 libcrux_kyber_ntt_ntt_at_layer_3328(&zeta_i, re, (size_t)3U, re); libcrux_kyber_ntt_ntt_at_layer_3328(&zeta_i, re, (size_t)2U, re); libcrux_kyber_ntt_ntt_at_layer_3328(&zeta_i, re, (size_t)1U, re); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; int32_t uu____1 = libcrux_kyber_arithmetic_barrett_reduce(re[i]); re[i] = uu____1; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, re, (size_t)256U * sizeof (int32_t)); + memcpy(ret, re, (size_t)256U * sizeof(int32_t)); } void libcrux_kyber_ind_cpa_deserialize_then_decompress_u___3size_t_1088size_t_960size_t_10size_t( - uint8_t *ciphertext, - int32_t ret[3U][256U] -) + uint8_t* ciphertext, + int32_t ret[3U][256U]) { int32_t u_as_ntt[3U][256U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(u_as_ntt[i], + memcpy( + u_as_ntt[i], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( 
- (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)1088U, - ciphertext, - uint8_t), - uint8_t) - / (libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / + (libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - u_bytes = - Eurydice_array_to_subslice((size_t)1088U, - ciphertext, - ( - (core_ops_range_Range__size_t){ - .start = i - * (libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U), - .end = i - * (libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U) - + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U - } - ), - uint8_t, - core_ops_range_Range__size_t); + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, + ciphertext, + ((core_ops_range_Range__size_t){ + .start = i * (libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i * (libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U }), + uint8_t, + core_ops_range_Range__size_t); 
int32_t u[256U]; - libcrux_kyber_serialize_deserialize_then_decompress_ring_element_u___10size_t(u_bytes, u); + libcrux_kyber_serialize_deserialize_then_decompress_ring_element_u___10size_t( + u_bytes, u); int32_t uu____1[256U]; libcrux_kyber_ntt_ntt_vector_u___10size_t(u, uu____1); - memcpy(u_as_ntt[i], uu____1, (size_t)256U * sizeof (int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + memcpy(u_as_ntt[i], uu____1, (size_t)256U * sizeof(int32_t)); } } int32_t uu____2[3U][256U]; - memcpy(uu____2, u_as_ntt, (size_t)3U * sizeof (int32_t [256U])); - memcpy(ret, uu____2, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____2, u_as_ntt, (size_t)3U * sizeof(int32_t[256U])); + memcpy(ret, uu____2, (size_t)3U * sizeof(int32_t[256U])); } void libcrux_kyber_serialize_deserialize_then_decompress_ring_element_v___4size_t( Eurydice_slice serialized, - int32_t ret[256U] -) + int32_t ret[256U]) { int32_t uu____0[256U]; Eurydice_slice uu____1; Eurydice_slice uu____2; - switch ((uint32_t)(size_t)4U) - { - case 4U: - { - uu____1 = serialized; - libcrux_kyber_serialize_deserialize_then_decompress_4(uu____1, uu____0); - break; - } - case 5U: - { - uu____2 = serialized; - libcrux_kyber_serialize_deserialize_then_decompress_5(uu____2, uu____0); - break; - } - default: - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } + switch ((uint32_t)(size_t)4U) { + case 4U: { + uu____1 = serialized; + libcrux_kyber_serialize_deserialize_then_decompress_4(uu____1, uu____0); + break; + } + case 5U: { + uu____2 = serialized; + libcrux_kyber_serialize_deserialize_then_decompress_5(uu____2, uu____0); + break; + } + default: { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); + KRML_HOST_EXIT(255U); + } } - memcpy(ret, uu____0, (size_t)256U * sizeof (int32_t)); + memcpy(ret, uu____0, (size_t)256U * sizeof(int32_t)); } void 
libcrux_kyber_ind_cpa_deserialize_secret_key___3size_t( Eurydice_slice secret_key, - int32_t ret[3U][256U] -) + int32_t ret[3U][256U]) { int32_t secret_as_ntt[3U][256U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) - memcpy(secret_as_ntt[i], + memcpy( + secret_as_ntt[i], libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(secret_key, - uint8_t) - / libcrux_kyber_constants_BYTES_PER_RING_ELEMENT - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(secret_key, uint8_t) / + libcrux_kyber_constants_BYTES_PER_RING_ELEMENT }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; - Eurydice_slice - secret_bytes = - Eurydice_slice_subslice(secret_key, - ( - (core_ops_range_Range__size_t){ - .start = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT, - .end = i - * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT - + libcrux_kyber_constants_BYTES_PER_RING_ELEMENT - } - ), - uint8_t, - core_ops_range_Range__size_t); + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + ((core_ops_range_Range__size_t){ + .start = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT, + .end = i * libcrux_kyber_constants_BYTES_PER_RING_ELEMENT + + libcrux_kyber_constants_BYTES_PER_RING_ELEMENT 
}), + uint8_t, + core_ops_range_Range__size_t); int32_t uu____1[256U]; - libcrux_kyber_serialize_deserialize_to_uncompressed_ring_element(secret_bytes, uu____1); - memcpy(secret_as_ntt[i], uu____1, (size_t)256U * sizeof (int32_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_serialize_deserialize_to_uncompressed_ring_element( + secret_bytes, uu____1); + memcpy(secret_as_ntt[i], uu____1, (size_t)256U * sizeof(int32_t)); } } int32_t uu____2[3U][256U]; - memcpy(uu____2, secret_as_ntt, (size_t)3U * sizeof (int32_t [256U])); - memcpy(ret, uu____2, (size_t)3U * sizeof (int32_t [256U])); + memcpy(uu____2, secret_as_ntt, (size_t)3U * sizeof(int32_t[256U])); + memcpy(ret, uu____2, (size_t)3U * sizeof(int32_t[256U])); } void -libcrux_kyber_matrix_compute_message___3size_t( - int32_t (*v)[256U], - int32_t (*secret_as_ntt)[256U], - int32_t (*u_as_ntt)[256U], - int32_t ret[256U] -) +libcrux_kyber_matrix_compute_message___3size_t(int32_t (*v)[256U], + int32_t (*secret_as_ntt)[256U], + int32_t (*u_as_ntt)[256U], + int32_t ret[256U]) { int32_t result[256U]; - memcpy(result, + memcpy( + result, libcrux_kyber_arithmetic__libcrux_kyber__arithmetic__PolynomialRingElement__ZERO, - (size_t)256U * sizeof (int32_t)); - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + (size_t)256U * sizeof(int32_t)); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)3U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == 
core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; int32_t product[256U]; libcrux_kyber_ntt_ntt_multiply(&secret_as_ntt[i], &u_as_ntt[i], product); - libcrux_kyber_arithmetic_add_to_ring_element___3size_t(result, &product, result); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + libcrux_kyber_arithmetic_add_to_ring_element___3size_t( + result, &product, result); } } libcrux_kyber_ntt_invert_ntt_montgomery___3size_t(result, result); - core_ops_range_Range__size_t - iter0 = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT - } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____1 = core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); + core_ops_range_Range__size_t iter0 = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = libcrux_kyber_constants_COEFFICIENTS_IN_RING_ELEMENT }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____1 = + core_iter_range__core__ops__range__Range_A__3__next(&iter0, size_t); if (uu____1.tag == core_option_None) break; - else if (uu____1.tag == core_option_Some) - { + else { size_t i = uu____1.f0; - int32_t - coefficient_normal_form = + int32_t coefficient_normal_form = libcrux_kyber_arithmetic_montgomery_reduce(result[i] * (int32_t)1441); - int32_t uu____2 = libcrux_kyber_arithmetic_barrett_reduce(v[0U][i] - coefficient_normal_form); + int32_t uu____2 = libcrux_kyber_arithmetic_barrett_reduce( + v[0U][i] - coefficient_normal_form); result[i] = uu____2; } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); - } } - memcpy(ret, result, (size_t)256U * sizeof (int32_t)); + memcpy(ret, result, 
(size_t)256U * sizeof(int32_t)); } void libcrux_kyber_ind_cpa_decrypt___3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U] -) + uint8_t* ciphertext, + uint8_t ret[32U]) { int32_t u_as_ntt[3U][256U]; - libcrux_kyber_ind_cpa_deserialize_then_decompress_u___3size_t_1088size_t_960size_t_10size_t(ciphertext, - u_as_ntt); + libcrux_kyber_ind_cpa_deserialize_then_decompress_u___3size_t_1088size_t_960size_t_10size_t( + ciphertext, u_as_ntt); int32_t v[256U]; - libcrux_kyber_serialize_deserialize_then_decompress_ring_element_v___4size_t(Eurydice_array_to_subslice_from((size_t)1088U, - ciphertext, - (size_t)960U, - uint8_t, - size_t), + libcrux_kyber_serialize_deserialize_then_decompress_ring_element_v___4size_t( + Eurydice_array_to_subslice_from( + (size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t), v); int32_t secret_as_ntt[3U][256U]; - libcrux_kyber_ind_cpa_deserialize_secret_key___3size_t(secret_key, secret_as_ntt); + libcrux_kyber_ind_cpa_deserialize_secret_key___3size_t(secret_key, + secret_as_ntt); int32_t message[256U]; - libcrux_kyber_matrix_compute_message___3size_t(&v, secret_as_ntt, u_as_ntt, message); + libcrux_kyber_matrix_compute_message___3size_t( + &v, secret_as_ntt, u_as_ntt, message); uint8_t ret0[32U]; libcrux_kyber_serialize_compress_then_serialize_message(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } void -libcrux_kyber_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, uint8_t ret[1120U]) +libcrux_kyber_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]) { if (false) - if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)1120U)) - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "assert failure"); + if (!(core_slice___Slice_T___len(slice, uint8_t) <= (size_t)1120U)) { + KRML_HOST_EPRINTF( + "KaRaMeL abort at %s:%d\n%s\n", __FILE__, 
__LINE__, "assert failure"); KRML_HOST_EXIT(255U); } uint8_t out[1120U]; for (size_t i = (size_t)0U; i < (size_t)1120U; i++) out[i] = 0U; - uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice((size_t)1120U, + uint8_t* uu____0 = out; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1120U, uu____0, - ( - (core_ops_range_Range__size_t){ - .start = (size_t)0U, - .end = core_slice___Slice_T___len(slice, uint8_t) - } - ), + ((core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = core_slice___Slice_T___len(slice, uint8_t) }), uint8_t, core_ops_range_Range__size_t), slice, uint8_t); uint8_t uu____1[1120U]; - memcpy(uu____1, out, (size_t)1120U * sizeof (uint8_t)); - memcpy(ret, uu____1, (size_t)1120U * sizeof (uint8_t)); + memcpy(uu____1, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, uu____1, (size_t)1120U * sizeof(uint8_t)); } Eurydice_slice libcrux_kyber_types__libcrux_kyber__types__KyberCiphertext_SIZE__1__as_ref___1088size_t( - uint8_t (*self)[1088U] -) + uint8_t (*self)[1088U]) { return Eurydice_array_to_slice((size_t)1088U, self[0U], uint8_t); } -void libcrux_kyber_hash_functions_PRF___32size_t(Eurydice_slice input, uint8_t ret[32U]) +void +libcrux_kyber_hash_functions_PRF___32size_t(Eurydice_slice input, + uint8_t ret[32U]) { uint8_t ret0[32U]; libcrux_digest_shake256((size_t)32U, input, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } uint8_t libcrux_kyber_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( Eurydice_slice lhs, - Eurydice_slice rhs -) + Eurydice_slice rhs) { uint8_t r = 0U; - core_ops_range_Range__size_t - iter = - core_iter_traits_collect__I__into_iter(( - (core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1088U } - ), - core_ops_range_Range__size_t); - while (true) - { - core_option_Option__size_t - uu____0 = 
core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); + core_ops_range_Range__size_t iter = core_iter_traits_collect__I__into_iter( + ((core_ops_range_Range__size_t){ .start = (size_t)0U, + .end = (size_t)1088U }), + core_ops_range_Range__size_t); + while (true) { + core_option_Option__size_t uu____0 = + core_iter_range__core__ops__range__Range_A__3__next(&iter, size_t); if (uu____0.tag == core_option_None) break; - else if (uu____0.tag == core_option_Some) - { + else { size_t i = uu____0.f0; uint8_t uu____1 = Eurydice_slice_index(lhs, i, uint8_t); - r = (uint32_t)r | ((uint32_t)uu____1 ^ (uint32_t)Eurydice_slice_index(rhs, i, uint8_t)); - } - else - { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); - KRML_HOST_EXIT(255U); + r = (uint32_t)r | + ((uint32_t)uu____1 ^ (uint32_t)Eurydice_slice_index(rhs, i, uint8_t)); } } return libcrux_kyber_constant_time_ops_is_non_zero(r); 
@@ -5341,110 +4582,99 @@ void libcrux_kyber_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( uint8_t (*secret_key)[2400U], uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -) + uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____0 = - libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__12__split_at___2400size_t(secret_key, - (size_t)1152U); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + libcrux_kyber_types__libcrux_kyber__types__KyberPrivateKey_SIZE__12__split_at___2400size_t( + secret_key, (size_t)1152U); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____1 = core_slice___Slice_T___split_at(secret_key0, (size_t)1184U, uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at(secret_key0, (size_t)1184U, uint8_t); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key1 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____2 = - core_slice___Slice_T___split_at(secret_key1, - libcrux_kyber_constants_H_DIGEST_SIZE, - uint8_t); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key1, libcrux_kyber_constants_H_DIGEST_SIZE, uint8_t); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_kyber_ind_cpa_decrypt___3size_t_1088size_t_960size_t_10size_t_4size_t(ind_cpa_secret_key, - ciphertext[0U], - decrypted); + libcrux_kyber_ind_cpa_decrypt___3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext[0U], decrypted); uint8_t to_hash0[64U]; - libcrux_kyber_ind_cpa_into_padded_array___64size_t(Eurydice_array_to_slice((size_t)32U, - decrypted, - 
uint8_t), - to_hash0); - core_slice___Slice_T___copy_from_slice(Eurydice_array_to_subslice_from((size_t)64U, - to_hash0, - libcrux_kyber_constants_SHARED_SECRET_SIZE, - uint8_t, - size_t), + libcrux_kyber_ind_cpa_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, + to_hash0, + libcrux_kyber_constants_SHARED_SECRET_SIZE, + uint8_t, + size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_kyber_hash_functions_G(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), - hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t - uu____3 = - core_slice___Slice_T___split_at(Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + libcrux_kyber_hash_functions_G( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), libcrux_kyber_constants_SHARED_SECRET_SIZE, uint8_t); Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_kyber_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, to_hash); - Eurydice_slice - uu____4 = + libcrux_kyber_ind_cpa_into_padded_array___1120size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from((size_t)1120U, - to_hash, - libcrux_kyber_constants_SHARED_SECRET_SIZE, - uint8_t, - size_t); - core_slice___Slice_T___copy_from_slice(uu____4, - libcrux_kyber_types__libcrux_kyber__types__KyberCiphertext_SIZE__1__as_ref___1088size_t(ciphertext), + to_hash, + libcrux_kyber_constants_SHARED_SECRET_SIZE, + uint8_t, + size_t); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_kyber_types__libcrux_kyber__types__KyberCiphertext_SIZE__1__as_ref___1088size_t( + ciphertext), uint8_t); uint8_t 
implicit_rejection_shared_secret[32U]; - libcrux_kyber_hash_functions_PRF___32size_t(Eurydice_array_to_slice((size_t)1120U, - to_hash, - uint8_t), + libcrux_kyber_hash_functions_PRF___32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof (uint8_t)); + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_kyber_ind_cpa_encrypt___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t(uu____5, - uu____6, - pseudorandomness, - expected_ciphertext); - Eurydice_slice - uu____7 = - libcrux_kyber_types__libcrux_kyber__types__KyberCiphertext_SIZE__1__as_ref___1088size_t(ciphertext); - uint8_t - selector = - libcrux_kyber_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t(uu____7, + libcrux_kyber_ind_cpa_encrypt___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_kyber_types__libcrux_kyber__types__KyberCiphertext_SIZE__1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_kyber_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); Eurydice_slice uu____8 = shared_secret; uint8_t ret0[32U]; - libcrux_kyber_constant_time_ops_select_shared_secret_in_constant_time(uu____8, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), + libcrux_kyber_constant_time_ops_select_shared_secret_in_constant_time( + uu____8, + Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret, uint8_t), selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + memcpy(ret, ret0, (size_t)32U * 
sizeof(uint8_t)); } void -libcrux_kyber_kyber768_decapsulate_768( - uint8_t (*secret_key)[2400U], - uint8_t (*ciphertext)[1088U], - uint8_t ret[32U] -) +libcrux_kyber_kyber768_decapsulate_768(uint8_t (*secret_key)[2400U], + uint8_t (*ciphertext)[1088U], + uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_kyber_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t(secret_key, - ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof (uint8_t)); + libcrux_kyber_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + secret_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -const -size_t -libcrux_kyber_KEY_GENERATION_SEED_SIZE = - libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE - + libcrux_kyber_constants_SHARED_SECRET_SIZE; - +const size_t libcrux_kyber_KEY_GENERATION_SEED_SIZE = + libcrux_kyber_constants_CPA_PKE_KEY_GENERATION_SEED_SIZE + + libcrux_kyber_constants_SHARED_SECRET_SIZE;