From 75ca451a323d4ed369a5e0caaab461666ace9eb6 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 2 Sep 2024 17:05:57 +1000
Subject: [PATCH 1/6] basic fuzzing for C extraction of ML-KEM768

---
 libcrux-ml-kem/cg/fuzz/Makefile      | 35 +++++++++++++++
 libcrux-ml-kem/cg/fuzz/dec_fuzz.cc   | 49 +++++++++++++++++++++
 libcrux-ml-kem/cg/fuzz/enc_fuzz.cc   | 32 ++++++++++++++
 libcrux-ml-kem/cg/fuzz/mkcorpus.c    | 66 ++++++++++++++++++++++++++++
 libcrux-ml-kem/cg/fuzz/valid_fuzz.cc | 30 +++++++++++++
 5 files changed, 212 insertions(+)
 create mode 100644 libcrux-ml-kem/cg/fuzz/Makefile
 create mode 100644 libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
 create mode 100644 libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
 create mode 100644 libcrux-ml-kem/cg/fuzz/mkcorpus.c
 create mode 100644 libcrux-ml-kem/cg/fuzz/valid_fuzz.cc

diff --git a/libcrux-ml-kem/cg/fuzz/Makefile b/libcrux-ml-kem/cg/fuzz/Makefile
new file mode 100644
index 000000000..aa6434598
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/Makefile
@@ -0,0 +1,35 @@
+CC=clang-16
+CXX=clang++-16
+FUZZ_FLAGS=-fsanitize=address,undefined,fuzzer -fno-omit-frame-pointer
+FUZZ_LIBS=-L/usr/lib/llvm-16/lib -lFuzzer
+
+CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I..
+CFLAGS=$(CXXFLAGS)
+LDFLAGS=-g
+LIBS=
+COMMON_DEPS=
+
+TARGETS=enc_fuzz valid_fuzz dec_fuzz mkcorpus
+
+all: $(TARGETS)
+
+.cc.o:
+	$(CXX) $(CXXFLAGS) $(FUZZ_FLAGS) -c $< -o $@
+
+.c.o:
+	$(CC) $(CFLAGS) -c $< -o $@
+
+enc_fuzz: enc_fuzz.o $(COMMON_DEPS)
+	$(CXX) -o $@ enc_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS)
+
+dec_fuzz: dec_fuzz.o $(COMMON_DEPS)
+	$(CXX) -o $@ dec_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS)
+
+valid_fuzz: valid_fuzz.o $(COMMON_DEPS)
+	$(CXX) -o $@ valid_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS)
+
+mkcorpus: mkcorpus.o
+	$(CC) -o $@ mkcorpus.o
+
+clean:
+	-rm -f *.o $(TARGETS)
diff --git a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
new file mode 100644
index 000000000..9720aa8fa
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
@@ -0,0 +1,49 @@
+// Basic fuzz test for depcapsulate operation,
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcrux_mlkem768_portable.h"
+
+extern "C" {
+
+void privkeys(libcrux_ml_kem_types_MlKemPrivateKey_55 *zero_sk,
+    libcrux_ml_kem_types_MlKemPrivateKey_55 *rnd_sk)
+{
+	uint8_t rnd[64];
+	memset(rnd, 0, sizeof(rnd));
+	auto kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+	*zero_sk = kp.sk;
+	(void)getentropy(rnd, sizeof(rnd));
+	kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+	*rnd_sk = kp.sk;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+{
+	static bool once;
+	uint8_t ret[32];
+	libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk;
+	libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct;
+
+	if (!once) {
+		privkeys(&zero_sk, &rnd_sk);
+		once = true;
+	}
+
+	memset(&ct, 0, sizeof(ct));
+	if (len > sizeof(ct.value)) {
+		len = sizeof(ct.value);
+	}
+	memcpy(ct.value, input, len);
+
+	libcrux_ml_kem_mlkem768_portable_decapsulate(&zero_sk, &ct, ret);
+	libcrux_ml_kem_mlkem768_portable_decapsulate(&rnd_sk, &ct, ret);
+	return 0;
+}
+
+} // extern
diff --git a/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
new file mode 100644
index 000000000..9a2637cc9
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
@@ -0,0 +1,32 @@
+// Basic fuzz test for encapsulate operation.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcrux_mlkem768_portable.h"
+
+extern "C" {
+
+int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+{
+	uint8_t rnd[32];
+	libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
+
+	memset(rnd, 0, sizeof(rnd));
+	memset(&pk, 0, sizeof(pk));
+	if (len > sizeof(pk.value)) {
+		len = sizeof(pk.value);
+	}
+	memcpy(pk.value, input, len);
+
+	(void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
+	(void)getentropy(rnd, sizeof(rnd));
+	(void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
+	return 0;
+}
+
+} // extern
diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
new file mode 100644
index 000000000..5d488d429
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
@@ -0,0 +1,66 @@
+// Makes basic seed corpora for other fuzzers
+//
+// Will write to ./pubkey_corpus (for valid_fuzz and enc_fuzz) and
+// to ./ciphertext_corpus (for dec_fuzz)
+
+#include <sys/stat.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <err.h>
+#include <errno.h>
+
+#include "libcrux_mlkem768_portable.h"
+
+#define NSEEDS 1000
+
+void write_blob(const char *path, int n, const char *suffix,
+    const void *p, size_t l)
+{
+	char name[256];
+	FILE *f;
+
+	snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix);
+	if ((f = fopen(name, "wb+")) == NULL)
+		err(1, "fopen %s", name);
+	if (fwrite(p, l, 1, f) != 1)
+		err(1, "write %s", name);
+	fclose(f);
+}
+
+int main(void)
+{
+	int i;
+	uint8_t rnd[64];
+	libcrux_ml_kem_mlkem768_MlKem768KeyPair kp;
+	tuple_3c enc;
+
+	if (mkdir("pubkey_corpus", 0777) != 0 && errno != EEXIST)
+		err(1, "mkdir pubkey_corpus");
+	if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST)
+		err(1, "mkdir ciphertext_corpus");
+
+	for (i = 0; i < NSEEDS; i++) {
+		if (i == 0) {
+			memset(rnd, 0, sizeof(rnd));
+		} else {
+			(void)getentropy(rnd, sizeof(rnd));
+		}
+		kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+		write_blob("pubkey_corpus", i, "pk",
+		    kp.pk.value, sizeof(kp.pk.value));
+
+		if (i == 0) {
+			memset(rnd, 0, sizeof(rnd));
+		} else {
+			(void)getentropy(rnd, sizeof(rnd));
+		}
+		enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd);
+		write_blob("ciphertext_corpus", i, "ct",
+		    enc.fst.value, sizeof(enc.fst.value));
+	}
+	return 0;
+}
diff --git a/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc
new file mode 100644
index 000000000..ca9cf2a5a
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc
@@ -0,0 +1,30 @@
+// Basic fuzz test for pubkey validation.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "libcrux_mlkem768_portable.h"
+
+extern "C" {
+
+int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+{
+	uint8_t rnd[32];
+	libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
+
+	memset(rnd, 0, sizeof(rnd));
+	memset(&pk, 0, sizeof(pk));
+	if (len > sizeof(pk.value)) {
+		len = sizeof(pk.value);
+	}
+	memcpy(pk.value, input, len);
+
+	(void)libcrux_ml_kem_mlkem768_portable_validate_public_key(&pk);
+	return 0;
+}
+
+} // extern

From 0c464d95c0300f0304cfa1bd244c755de37d3ef9 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 19 Sep 2024 08:28:33 +0000
Subject: [PATCH 2/6] format and clang-18

---
 libcrux-ml-kem/cg/fuzz/Makefile      |  6 +--
 libcrux-ml-kem/cg/fuzz/dec_fuzz.cc   | 67 +++++++++++++++-------------
 libcrux-ml-kem/cg/fuzz/enc_fuzz.cc   | 34 +++++++-------
 libcrux-ml-kem/cg/fuzz/mkcorpus.c    | 23 ++++++----
 libcrux-ml-kem/cg/fuzz/valid_fuzz.cc | 30 +++++++------
 5 files changed, 87 insertions(+), 73 deletions(-)

diff --git a/libcrux-ml-kem/cg/fuzz/Makefile b/libcrux-ml-kem/cg/fuzz/Makefile
index aa6434598..bf98a1b02 100644
--- a/libcrux-ml-kem/cg/fuzz/Makefile
+++ b/libcrux-ml-kem/cg/fuzz/Makefile
@@ -1,7 +1,7 @@
-CC=clang-16
-CXX=clang++-16
+CC=clang-18
+CXX=clang++-18
 FUZZ_FLAGS=-fsanitize=address,undefined,fuzzer -fno-omit-frame-pointer
-FUZZ_LIBS=-L/usr/lib/llvm-16/lib -lFuzzer
+FUZZ_LIBS=-L/usr/lib/llvm-18/lib -lFuzzer
 
 CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I..
 CFLAGS=$(CXXFLAGS)
diff --git a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
index 9720aa8fa..f6b35097d 100644
--- a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
+++ b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
@@ -9,41 +9,44 @@
 
 #include "libcrux_mlkem768_portable.h"
 
-extern "C" {
-
-void privkeys(libcrux_ml_kem_types_MlKemPrivateKey_55 *zero_sk,
-    libcrux_ml_kem_types_MlKemPrivateKey_55 *rnd_sk)
-{
-	uint8_t rnd[64];
-	memset(rnd, 0, sizeof(rnd));
-	auto kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
-	*zero_sk = kp.sk;
-	(void)getentropy(rnd, sizeof(rnd));
-	kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
-	*rnd_sk = kp.sk;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+extern "C"
 {
-	static bool once;
-	uint8_t ret[32];
-	libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk;
-	libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct;
-
-	if (!once) {
-		privkeys(&zero_sk, &rnd_sk);
-		once = true;
-	}
 
-	memset(&ct, 0, sizeof(ct));
-	if (len > sizeof(ct.value)) {
-		len = sizeof(ct.value);
+	void privkeys(libcrux_ml_kem_types_MlKemPrivateKey_55 *zero_sk,
+				  libcrux_ml_kem_types_MlKemPrivateKey_55 *rnd_sk)
+	{
+		uint8_t rnd[64];
+		memset(rnd, 0, sizeof(rnd));
+		auto kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+		*zero_sk = kp.sk;
+		(void)getentropy(rnd, sizeof(rnd));
+		kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+		*rnd_sk = kp.sk;
 	}
-	memcpy(ct.value, input, len);
 
-	libcrux_ml_kem_mlkem768_portable_decapsulate(&zero_sk, &ct, ret);
-	libcrux_ml_kem_mlkem768_portable_decapsulate(&rnd_sk, &ct, ret);
-	return 0;
-}
+	int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
+	{
+		static bool once;
+		uint8_t ret[32];
+		libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk;
+		libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct;
+
+		if (!once)
+		{
+			privkeys(&zero_sk, &rnd_sk);
+			once = true;
+		}
+
+		memset(&ct, 0, sizeof(ct));
+		if (len > sizeof(ct.value))
+		{
+			len = sizeof(ct.value);
+		}
+		memcpy(ct.value, input, len);
+
+		libcrux_ml_kem_mlkem768_portable_decapsulate(&zero_sk, &ct, ret);
+		libcrux_ml_kem_mlkem768_portable_decapsulate(&rnd_sk, &ct, ret);
+		return 0;
+	}
 
 } // extern
diff --git a/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
index 9a2637cc9..1cf5f9d2c 100644
--- a/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
+++ b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
@@ -9,24 +9,26 @@
 
 #include "libcrux_mlkem768_portable.h"
 
-extern "C" {
-
-int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+extern "C"
 {
-	uint8_t rnd[32];
-	libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
 
-	memset(rnd, 0, sizeof(rnd));
-	memset(&pk, 0, sizeof(pk));
-	if (len > sizeof(pk.value)) {
-		len = sizeof(pk.value);
-	}
-	memcpy(pk.value, input, len);
+	int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
+	{
+		uint8_t rnd[32];
+		libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
 
-	(void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
-	(void)getentropy(rnd, sizeof(rnd));
-	(void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
-	return 0;
-}
+		memset(rnd, 0, sizeof(rnd));
+		memset(&pk, 0, sizeof(pk));
+		if (len > sizeof(pk.value))
+		{
+			len = sizeof(pk.value);
+		}
+		memcpy(pk.value, input, len);
+
+		(void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
+		(void)getentropy(rnd, sizeof(rnd));
+		(void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
+		return 0;
+	}
 
 } // extern
diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
index 5d488d429..fdd8d3478 100644
--- a/libcrux-ml-kem/cg/fuzz/mkcorpus.c
+++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
@@ -18,7 +18,7 @@
 #define NSEEDS 1000
 
 void write_blob(const char *path, int n, const char *suffix,
-    const void *p, size_t l)
+				const void *p, size_t l)
 {
 	char name[256];
 	FILE *f;
@@ -43,24 +43,31 @@ int main(void)
 	if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST)
 		err(1, "mkdir ciphertext_corpus");
 
-	for (i = 0; i < NSEEDS; i++) {
-		if (i == 0) {
+	for (i = 0; i < NSEEDS; i++)
+	{
+		if (i == 0)
+		{
 			memset(rnd, 0, sizeof(rnd));
-		} else {
+		}
+		else
+		{
 			(void)getentropy(rnd, sizeof(rnd));
 		}
 		kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
 		write_blob("pubkey_corpus", i, "pk",
-		    kp.pk.value, sizeof(kp.pk.value));
+				   kp.pk.value, sizeof(kp.pk.value));
 
-		if (i == 0) {
+		if (i == 0)
+		{
 			memset(rnd, 0, sizeof(rnd));
-		} else {
+		}
+		else
+		{
 			(void)getentropy(rnd, sizeof(rnd));
 		}
 		enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd);
 		write_blob("ciphertext_corpus", i, "ct",
-		    enc.fst.value, sizeof(enc.fst.value));
+				   enc.fst.value, sizeof(enc.fst.value));
 	}
 	return 0;
 }
diff --git a/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc
index ca9cf2a5a..44c34945b 100644
--- a/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc
+++ b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc
@@ -9,22 +9,24 @@
 
 #include "libcrux_mlkem768_portable.h"
 
-extern "C" {
-
-int LLVMFuzzerTestOneInput(const uint8_t* input, size_t len)
+extern "C"
 {
-	uint8_t rnd[32];
-	libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
 
-	memset(rnd, 0, sizeof(rnd));
-	memset(&pk, 0, sizeof(pk));
-	if (len > sizeof(pk.value)) {
-		len = sizeof(pk.value);
-	}
-	memcpy(pk.value, input, len);
+	int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
+	{
+		uint8_t rnd[32];
+		libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
 
-	(void)libcrux_ml_kem_mlkem768_portable_validate_public_key(&pk);
-	return 0;
-}
+		memset(rnd, 0, sizeof(rnd));
+		memset(&pk, 0, sizeof(pk));
+		if (len > sizeof(pk.value))
+		{
+			len = sizeof(pk.value);
+		}
+		memcpy(pk.value, input, len);
+
+		(void)libcrux_ml_kem_mlkem768_portable_validate_public_key(&pk);
+		return 0;
+	}
 
 } // extern

From 9b25aeb8335450979d5c87529002776d2ace4a39 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 19 Sep 2024 08:29:16 +0000
Subject: [PATCH 3/6] git ignore fuzz build artifacts

---
 libcrux-ml-kem/cg/fuzz/.gitignore | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 libcrux-ml-kem/cg/fuzz/.gitignore

diff --git a/libcrux-ml-kem/cg/fuzz/.gitignore b/libcrux-ml-kem/cg/fuzz/.gitignore
new file mode 100644
index 000000000..d28f1baa8
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/.gitignore
@@ -0,0 +1,5 @@
+dec_fuzz
+enc_fuzz
+mkcorpus
+valid_fuzz
+*.o

From e2639a98860deff40f5d13efaee7d393ce9e1954 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 19 Sep 2024 08:32:14 +0000
Subject: [PATCH 4/6] formatting and eurydice_glue warning fix

---
 libcrux-ml-kem/cg/eurydice_glue.h |  56 ++++++++---------
 libcrux-ml-kem/cg/fuzz/mkcorpus.c | 100 ++++++++++++++----------------
 2 files changed, 73 insertions(+), 83 deletions(-)

diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h
index bc07ba4b9..c77ff6b1c 100644
--- a/libcrux-ml-kem/cg/eurydice_glue.h
+++ b/libcrux-ml-kem/cg/eurydice_glue.h
@@ -53,7 +53,7 @@ typedef struct {
 // (included), and an end index in x (excluded). The argument x must be suitably
 // cast to something that can decay (see remark above about how pointer
 // arithmetic works in C), meaning either pointer or array type.
-#define EURYDICE_SLICE(x, start, end) \
+#define EURYDICE_SLICE(x, start, end)                                          \
   (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start})
 #define EURYDICE_SLICE_LEN(s, _) s.len
 // This macro is a pain because in case the dereferenced element type is an
@@ -62,40 +62,40 @@ typedef struct {
 // adds an extra argument to this macro at the last minute so that we have the
 // correct type of *pointers* to elements.
 #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
-#define Eurydice_slice_subslice(s, r, t, _) \
+#define Eurydice_slice_subslice(s, r, t, _)                                    \
   EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
 // Variant for when the start and end indices are statically known (i.e., the
 // range argument `r` is a literal).
-#define Eurydice_slice_subslice2(s, start, end, t) \
+#define Eurydice_slice_subslice2(s, start, end, t)                             \
   EURYDICE_SLICE((t *)s.ptr, start, end)
-#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
+#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _)                  \
   EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
-#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
+#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _)              \
   EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
-#define Eurydice_array_to_slice(end, x, t) \
-  EURYDICE_SLICE(x, 0,                     \
+#define Eurydice_array_to_slice(end, x, t)                                     \
+  EURYDICE_SLICE(x, 0,                                                         \
                  end) /* x is already at an array type, no need for cast */
-#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
+#define Eurydice_array_to_subslice(_arraylen, x, r, t, _)                      \
   EURYDICE_SLICE((t *)x, r.start, r.end)
 // Same as above, variant for when start and end are statically known
-#define Eurydice_array_to_subslice2(x, start, end, t) \
+#define Eurydice_array_to_subslice2(x, start, end, t)                          \
   EURYDICE_SLICE((t *)x, start, end)
-#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
+#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t)                \
   EURYDICE_SLICE((t *)x, 0, r)
-#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
+#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t)               \
   EURYDICE_SLICE((t *)x, r, size)
 #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
-#define Eurydice_slice_copy(dst, src, t) \
+#define Eurydice_slice_copy(dst, src, t)                                       \
   memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
-#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
+#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t)           \
   ((Eurydice_slice){.ptr = ptr_, .len = len_})
 
-#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
-    len, src, dst, elem_type, _ret_t)                                \
+#define core_array___core__clone__Clone_for__Array_T__N___20__clone(           \
+    len, src, dst, elem_type, _ret_t)                                          \
   (memcpy(dst, src, len * sizeof(elem_type)))
 #define TryFromSliceError uint8_t
 
-#define Eurydice_array_eq(sz, a1, a2, t, _) \
+#define Eurydice_array_eq(sz, a1, a2, t, _)                                    \
   (memcmp(a1, a2, sz * sizeof(t)) == 0)
 #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
     sz, a1, a2, t, _, _ret_t)                                                           \
@@ -104,21 +104,21 @@ typedef struct {
     sz, a1, a2, t, _, _ret_t)                                                               \
   Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)
 
-#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
-  (CLITERAL(ret_t){                                              \
-      .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid),  \
+#define Eurydice_slice_split_at(slice, mid, element_type, ret_t)               \
+  (CLITERAL(ret_t){                                                            \
+      .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid),                \
       .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
-#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
-  (CLITERAL(ret_t){                                                  \
-      .fst = {.ptr = slice.ptr, .len = mid},                         \
-      .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
+#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t)           \
+  (CLITERAL(ret_t){                                                            \
+      .fst = {.ptr = slice.ptr, .len = mid},                                   \
+      .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type),           \
               .len = slice.len - mid}})
 
 // Conversion of slice to an array, rewritten (by Eurydice) to name the
 // destination array, since arrays are not values in C.
 // N.B.: see note in karamel/lib/Inlining.ml if you change this.
-#define Eurydice_slice_to_array2(dst, src, _, t_arr)                      \
-  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
+#define Eurydice_slice_to_array2(dst, src, _, t_arr)                           \
+  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src,      \
                            sizeof(t_arr))
 
 static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
@@ -162,9 +162,9 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
 
 // ITERATORS
 
-#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
-  (((iter_ptr)->start == (iter_ptr)->end)            \
-       ? (CLITERAL(ret_t){.tag = None})              \
+#define Eurydice_range_iter_next(iter_ptr, t, ret_t)                           \
+  (((iter_ptr)->start == (iter_ptr)->end)                                      \
+       ? (CLITERAL(ret_t){.tag = None, .f0 = 0})                               \
        : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))
 
 #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \
diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
index fdd8d3478..452282086 100644
--- a/libcrux-ml-kem/cg/fuzz/mkcorpus.c
+++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
@@ -3,71 +3,61 @@
 // Will write to ./pubkey_corpus (for valid_fuzz and enc_fuzz) and
 // to ./ciphertext_corpus (for dec_fuzz)
 
-#include <sys/stat.h>
+#include <err.h>
+#include <errno.h>
 #include <stddef.h>
-#include <stdio.h>
 #include <stdint.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
 #include <unistd.h>
-#include <err.h>
-#include <errno.h>
 
 #include "libcrux_mlkem768_portable.h"
 
 #define NSEEDS 1000
 
-void write_blob(const char *path, int n, const char *suffix,
-				const void *p, size_t l)
-{
-	char name[256];
-	FILE *f;
-
-	snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix);
-	if ((f = fopen(name, "wb+")) == NULL)
-		err(1, "fopen %s", name);
-	if (fwrite(p, l, 1, f) != 1)
-		err(1, "write %s", name);
-	fclose(f);
+void write_blob(const char *path, int n, const char *suffix, const void *p,
+                size_t l) {
+  char name[256];
+  FILE *f;
+
+  snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix);
+  if ((f = fopen(name, "wb+")) == NULL)
+    err(1, "fopen %s", name);
+  if (fwrite(p, l, 1, f) != 1)
+    err(1, "write %s", name);
+  fclose(f);
 }
 
-int main(void)
-{
-	int i;
-	uint8_t rnd[64];
-	libcrux_ml_kem_mlkem768_MlKem768KeyPair kp;
-	tuple_3c enc;
-
-	if (mkdir("pubkey_corpus", 0777) != 0 && errno != EEXIST)
-		err(1, "mkdir pubkey_corpus");
-	if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST)
-		err(1, "mkdir ciphertext_corpus");
-
-	for (i = 0; i < NSEEDS; i++)
-	{
-		if (i == 0)
-		{
-			memset(rnd, 0, sizeof(rnd));
-		}
-		else
-		{
-			(void)getentropy(rnd, sizeof(rnd));
-		}
-		kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
-		write_blob("pubkey_corpus", i, "pk",
-				   kp.pk.value, sizeof(kp.pk.value));
-
-		if (i == 0)
-		{
-			memset(rnd, 0, sizeof(rnd));
-		}
-		else
-		{
-			(void)getentropy(rnd, sizeof(rnd));
-		}
-		enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd);
-		write_blob("ciphertext_corpus", i, "ct",
-				   enc.fst.value, sizeof(enc.fst.value));
-	}
-	return 0;
+int main(void) {
+  int i;
+  uint8_t rnd[64];
+  libcrux_ml_kem_mlkem768_MlKem768KeyPair kp;
+  tuple_3c enc;
+
+  if (mkdir("pubkey_corpus", 0777) != 0 && errno != EEXIST)
+    err(1, "mkdir pubkey_corpus");
+  if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST)
+    err(1, "mkdir ciphertext_corpus");
+
+  for (i = 0; i < NSEEDS; i++) {
+    if (i == 0) {
+      memset(rnd, 0, sizeof(rnd));
+    } else {
+      (void)getentropy(rnd, sizeof(rnd));
+    }
+    kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+    write_blob("pubkey_corpus", i, "pk", kp.pk.value, sizeof(kp.pk.value));
+
+    if (i == 0) {
+      memset(rnd, 0, sizeof(rnd));
+    } else {
+      (void)getentropy(rnd, sizeof(rnd));
+    }
+    enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd);
+    write_blob("ciphertext_corpus", i, "ct", enc.fst.value,
+               sizeof(enc.fst.value));
+  }
+  return 0;
 }

From 72563a3f76edede4a0664ed5f562c83918d6ac7d Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 19 Sep 2024 09:13:02 +0000
Subject: [PATCH 5/6] try to get eurydice_glue formatting right

---
 libcrux-ml-kem/cg/eurydice_glue.h | 56 +++++++++++++++----------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h
index c77ff6b1c..cdd27af77 100644
--- a/libcrux-ml-kem/cg/eurydice_glue.h
+++ b/libcrux-ml-kem/cg/eurydice_glue.h
@@ -53,7 +53,7 @@ typedef struct {
 // (included), and an end index in x (excluded). The argument x must be suitably
 // cast to something that can decay (see remark above about how pointer
 // arithmetic works in C), meaning either pointer or array type.
-#define EURYDICE_SLICE(x, start, end)                                          \
+#define EURYDICE_SLICE(x, start, end) \
   (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start})
 #define EURYDICE_SLICE_LEN(s, _) s.len
 // This macro is a pain because in case the dereferenced element type is an
@@ -62,40 +62,40 @@ typedef struct {
 // adds an extra argument to this macro at the last minute so that we have the
 // correct type of *pointers* to elements.
 #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
-#define Eurydice_slice_subslice(s, r, t, _)                                    \
+#define Eurydice_slice_subslice(s, r, t, _) \
   EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
 // Variant for when the start and end indices are statically known (i.e., the
 // range argument `r` is a literal).
-#define Eurydice_slice_subslice2(s, start, end, t)                             \
+#define Eurydice_slice_subslice2(s, start, end, t) \
   EURYDICE_SLICE((t *)s.ptr, start, end)
-#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _)                  \
+#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
   EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
-#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _)              \
+#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
   EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
-#define Eurydice_array_to_slice(end, x, t)                                     \
-  EURYDICE_SLICE(x, 0,                                                         \
+#define Eurydice_array_to_slice(end, x, t) \
+  EURYDICE_SLICE(x, 0,                     \
                  end) /* x is already at an array type, no need for cast */
-#define Eurydice_array_to_subslice(_arraylen, x, r, t, _)                      \
+#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
   EURYDICE_SLICE((t *)x, r.start, r.end)
 // Same as above, variant for when start and end are statically known
-#define Eurydice_array_to_subslice2(x, start, end, t)                          \
+#define Eurydice_array_to_subslice2(x, start, end, t) \
   EURYDICE_SLICE((t *)x, start, end)
-#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t)                \
+#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
   EURYDICE_SLICE((t *)x, 0, r)
-#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t)               \
+#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
   EURYDICE_SLICE((t *)x, r, size)
 #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
-#define Eurydice_slice_copy(dst, src, t)                                       \
+#define Eurydice_slice_copy(dst, src, t) \
   memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
-#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t)           \
+#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
   ((Eurydice_slice){.ptr = ptr_, .len = len_})
 
-#define core_array___core__clone__Clone_for__Array_T__N___20__clone(           \
-    len, src, dst, elem_type, _ret_t)                                          \
+#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
+    len, src, dst, elem_type, _ret_t)                                \
   (memcpy(dst, src, len * sizeof(elem_type)))
 #define TryFromSliceError uint8_t
 
-#define Eurydice_array_eq(sz, a1, a2, t, _)                                    \
+#define Eurydice_array_eq(sz, a1, a2, t, _) \
   (memcmp(a1, a2, sz * sizeof(t)) == 0)
 #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
     sz, a1, a2, t, _, _ret_t)                                                           \
@@ -104,21 +104,21 @@ typedef struct {
     sz, a1, a2, t, _, _ret_t)                                                               \
   Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)
 
-#define Eurydice_slice_split_at(slice, mid, element_type, ret_t)               \
-  (CLITERAL(ret_t){                                                            \
-      .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid),                \
+#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
+  (CLITERAL(ret_t){                                              \
+      .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid),  \
       .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
-#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t)           \
-  (CLITERAL(ret_t){                                                            \
-      .fst = {.ptr = slice.ptr, .len = mid},                                   \
-      .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type),           \
+#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
+  (CLITERAL(ret_t){                                                  \
+      .fst = {.ptr = slice.ptr, .len = mid},                         \
+      .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
               .len = slice.len - mid}})
 
 // Conversion of slice to an array, rewritten (by Eurydice) to name the
 // destination array, since arrays are not values in C.
 // N.B.: see note in karamel/lib/Inlining.ml if you change this.
-#define Eurydice_slice_to_array2(dst, src, _, t_arr)                           \
-  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src,      \
+#define Eurydice_slice_to_array2(dst, src, _, t_arr)                      \
+  Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
                            sizeof(t_arr))
 
 static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
@@ -162,9 +162,9 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {
 
 // ITERATORS
 
-#define Eurydice_range_iter_next(iter_ptr, t, ret_t)                           \
-  (((iter_ptr)->start == (iter_ptr)->end)                                      \
-       ? (CLITERAL(ret_t){.tag = None, .f0 = 0})                               \
+#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
+  (((iter_ptr)->start == (iter_ptr)->end)            \
+       ? (CLITERAL(ret_t){.tag = None, .f0 = 0})     \
        : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))
 
 #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \

From 8f23a836af4c0ed1da044efc1af0cad732d5c17d Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 19 Sep 2024 10:08:10 +0000
Subject: [PATCH 6/6] maybe make clang-format happy

---
 libcrux-ml-kem/cg/fuzz/mkcorpus.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
index 452282086..b681e2fb3 100644
--- a/libcrux-ml-kem/cg/fuzz/mkcorpus.c
+++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
@@ -23,10 +23,12 @@ void write_blob(const char *path, int n, const char *suffix, const void *p,
   FILE *f;
 
   snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix);
-  if ((f = fopen(name, "wb+")) == NULL)
+  if ((f = fopen(name, "wb+")) == NULL) {
     err(1, "fopen %s", name);
-  if (fwrite(p, l, 1, f) != 1)
+  }
+  if (fwrite(p, l, 1, f) != 1) {
     err(1, "write %s", name);
+  }
   fclose(f);
 }