diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index aa3d27d42..43e3c72b6 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,5 +1,5 @@ This code was generated with the following tools: Charon: ae55966c01a1a4b185a1a34da7861ba5db74c8ad Eurydice: bbfd102bbfbc3e4c362953f093dbfd65e2fbc10c -Karamel: 409fe4552f8f46351241cba1decfaa4d9fa6ffea -F*: +Karamel: 018dcd1d71f37472c517822aa6bd275263a6dcaa +F*: 0e2a116da266fbe1dbb81b414002d0afac6819b3 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 0fb3b23dd..c17768e9b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_core_H @@ -23,7 +23,7 @@ extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -177,45 +177,6 @@ void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); -typedef struct - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]); - -typedef struct - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]); - -typedef struct - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]); - typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; @@ -235,10 +196,10 @@ void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_arr int16_t ret[16U]); typedef struct - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h new file mode 100644 index 000000000..8915c212b --- /dev/null +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -0,0 +1,74 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __internal_libcrux_mlkem_neon_H +#define __internal_libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "../libcrux_mlkem_neon.h" +#include "eurydice_glue.h" +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __internal_libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 5e2ab8b96..26297a0f9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_mlkem_portable_H @@ -23,51 +23,51 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key); libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key); libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key); libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 9bc61dfff..0363128b2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index fcd3a82b0..cc1359abb 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "internal/libcrux_core.h" @@ -338,48 +338,6 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, int16_t ret[16U]) { diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ec93700b3..8bccd9104 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index e11fc760b..035bc1287 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c new file mode 100644 index 000000000..b7cd6975a --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -0,0 +1,55 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "libcrux_mlkem1024_neon.h" + +void libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + public_key.value)) { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h new file mode 100644 index 000000000..a4ee49a6d --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem1024_neon_H +#define __libcrux_mlkem1024_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_neon.h" + +void libcrux_ml_kem_mlkem1024_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ +libcrux_ml_kem_mlkem1024_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem1024_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index b8bcb998e..0676f1b45 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 86d286194..1cc43ae7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 438b35f44..7277f70d8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c new file mode 100644 index 000000000..46ec1bb1b --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -0,0 +1,163 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "libcrux_mlkem512_neon.h" + +#include "internal/libcrux_mlkem_neon.h" + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + public_key); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + public_key.value)) { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__){ + .tag = core_option_None}); + } + return uu____0; +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + public_key); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + public_key); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h new file mode 100644 index 000000000..869fc7a62 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -0,0 +1,89 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem512_neon_H +#define __libcrux_mlkem512_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( + uint8_t *public_key); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ +libcrux_ml_kem_mlkem512_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( + uint8_t *public_key); + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]); + +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem512_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index d69cddf1a..6f4c9236d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem512_portable.h" @@ -14,7 +14,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632si libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -36,7 +36,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_8 libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____0, uu____1); } @@ -56,7 +56,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768siz uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uu____0); } @@ -70,7 +70,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( public_key); } @@ -93,7 +93,7 @@ libcrux_ml_kem_mlkem512_portable_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( public_key); } @@ -102,7 +102,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536si uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uu____0); } @@ -113,7 +113,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_ libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } @@ -122,14 +122,14 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168si libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( public_key); } @@ -138,7 +138,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152si uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uu____0); } @@ -149,7 +149,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } @@ -157,7 +157,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400si libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 269a4ac23..6aa5da039 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e2ef0eebc..7dab3285d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c new file mode 100644 index 000000000..eccf2c366 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -0,0 +1,54 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "libcrux_mlkem768_neon.h" + +void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ + uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( + public_key.value)) { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_Some, .f0 = public_key}); + } else { + uu____0 = (CLITERAL( + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__){ + .tag = core_option_None}); + } + return uu____0; +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h new file mode 100644 index 000000000..1c5ff9ad4 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -0,0 +1,40 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem768_neon_H +#define __libcrux_mlkem768_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem512_neon.h" + +void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]); + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); + +core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 58dd5ea2f..e0102fe71 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2cd183b3c..ec7de6074 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c new file mode 100644 index 000000000..3f1c6d45c --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -0,0 +1,7571 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO( + void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( + array, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = uu____0, + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice( + array, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice))}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___from_i16_array( + Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = c; + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = c; + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +inline int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +inline core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int32x4_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int64x2_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int32x4_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + core_core_arch_arm_shared_neon_int32x4_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int64x2_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____0, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int64x2_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____1, + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + core_core_arch_arm_shared_neon_int64x2_t uu____2 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + uu____2, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + core_core_arch_arm_shared_neon_int64x2_t uu____3 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + uu____3, libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int16x4_t uu____0 = + libcrux_intrinsics_arm64__vget_low_s16(a1b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + uu____0, libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int32x4_t uu____1 = a1b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____2 = + libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + uu____1, uu____2, libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int16x4_t uu____3 = + libcrux_intrinsics_arm64__vget_low_s16(a0); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + uu____3, libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int32x4_t uu____4 = a0b1_low; + core_core_arch_arm_shared_neon_int16x4_t uu____5 = + libcrux_intrinsics_arm64__vget_low_s16(a1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + uu____4, uu____5, libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + uint8_t ret0[2U]; + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vandq_s16(low, one); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = uu____0, .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_1( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + uint8_t ret0[8U]; + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, v, Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret); + uint64_t input = core_num__u64_9__from_le_bytes(ret); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input & 15ULL); + low[1U] = (int16_t)(input >> 4U & 15ULL); + low[2U] = (int16_t)(input >> 8U & 15ULL); + low[3U] = (int16_t)(input >> 12U & 15ULL); + low[4U] = (int16_t)(input >> 16U & 15ULL); + low[5U] = (int16_t)(input >> 20U & 15ULL); + low[6U] = (int16_t)(input >> 24U & 15ULL); + low[7U] = (int16_t)(input >> 28U & 15ULL); + high[0U] = (int16_t)(input >> 32U & 15ULL); + high[1U] = (int16_t)(input >> 36U & 15ULL); + high[2U] = (int16_t)(input >> 40U & 15ULL); + high[3U] = (int16_t)(input >> 44U & 15ULL); + high[4U] = (int16_t)(input >> 48U & 15ULL); + high[5U] = (int16_t)(input >> 52U & 15ULL); + high[6U] = (int16_t)(input >> 56U & 15ULL); + high[7U] = (int16_t)(input >> 60U & 15ULL); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_4( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +inline void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice((size_t)16U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice((size_t)16U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + uint8_t res[10U] = {0U}; + int16_t out[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out); + res[0U] = (uint8_t)(out[0U] | out[1U] << 5U); + res[1U] = (uint8_t)((out[1U] >> 3U | out[2U] << 2U) | out[3U] << 7U); + res[2U] = (uint8_t)(out[3U] >> 1U | out[4U] << 4U); + res[3U] = (uint8_t)((out[4U] >> 4U | out[5U] << 1U) | out[6U] << 6U); + res[4U] = (uint8_t)(out[6U] >> 2U | out[7U] << 3U); + res[5U] = (uint8_t)(out[(size_t)8U + (size_t)0U] | + out[(size_t)8U + (size_t)1U] << 5U); + res[6U] = (uint8_t)((out[(size_t)8U + (size_t)1U] >> 3U | + out[(size_t)8U + (size_t)2U] << 2U) | + out[(size_t)8U + (size_t)3U] << 7U); + res[7U] = (uint8_t)(out[(size_t)8U + (size_t)3U] >> 1U | + out[(size_t)8U + (size_t)4U] << 4U); + res[8U] = (uint8_t)((out[(size_t)8U + (size_t)4U] >> 4U | + out[(size_t)8U + (size_t)5U] << 1U) | + out[(size_t)8U + (size_t)6U] << 6U); + res[9U] = (uint8_t)(out[(size_t)8U + (size_t)6U] >> 2U | + out[(size_t)8U + (size_t)7U] << 3U); + memcpy(ret, res, (size_t)10U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + uint8_t ret0[10U]; + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)8U, input0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____1[8U]; + memcpy(uu____1, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t low64 = core_num__u64_9__from_le_bytes(uu____1); + uint8_t input1[8U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)8U, input1, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)5U, .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t high64 = core_num__u64_9__from_le_bytes(uu____3); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(low64 & 31ULL); + low[1U] = (int16_t)(low64 >> 5U & 31ULL); + low[2U] = (int16_t)(low64 >> 10U & 31ULL); + low[3U] = (int16_t)(low64 >> 15U & 31ULL); + low[4U] = (int16_t)(low64 >> 20U & 31ULL); + low[5U] = (int16_t)(low64 >> 25U & 31ULL); + low[6U] = (int16_t)(low64 >> 30U & 31ULL); + low[7U] = (int16_t)(low64 >> 35U & 31ULL); + high[0U] = (int16_t)(high64 & 31ULL); + high[1U] = (int16_t)(high64 >> 5U & 31ULL); + high[2U] = (int16_t)(high64 >> 10U & 31ULL); + high[3U] = (int16_t)(high64 >> 15U & 31ULL); + high[4U] = (int16_t)(high64 >> 20U & 31ULL); + high[5U] = (int16_t)(high64 >> 25U & 31ULL); + high[6U] = (int16_t)(high64 >> 30U & 31ULL); + high[7U] = (int16_t)(high64 >> 35U & 31ULL); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_5( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)5U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)5U, + .end = (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)13U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)10U, + .end = (size_t)15U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)21U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)20U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)15U, + .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)29U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + uint8_t ret0[20U]; + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + uint8_t input1[8U] = {0U}; + uint8_t input2[4U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)4U, input2, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[4U]; + memcpy(uu____5, input2, (size_t)4U * sizeof(uint8_t)); + uint32_t input20 = core_num__u32_8__from_le_bytes(uu____5); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input00 & 1023ULL); + low[1U] = (int16_t)(input00 >> 10U & 1023ULL); + low[2U] = (int16_t)(input00 >> 20U & 1023ULL); + low[3U] = (int16_t)(input00 >> 30U & 1023ULL); + low[4U] = (int16_t)(input00 >> 40U & 1023ULL); + low[5U] = (int16_t)(input00 >> 50U & 1023ULL); + low[6U] = (int16_t)((input00 >> 60U | input10 << 4U) & 1023ULL); + low[7U] = (int16_t)(input10 >> 6U & 1023ULL); + high[0U] = (int16_t)(input10 >> 16U & 1023ULL); + high[1U] = (int16_t)(input10 >> 26U & 1023ULL); + high[2U] = (int16_t)(input10 >> 36U & 1023ULL); + high[3U] = (int16_t)(input10 >> 46U & 1023ULL); + high[4U] = (int16_t)(((uint32_t)(input10 >> 56U) | input20 << 8U) & 1023U); + high[5U] = (int16_t)(input20 >> 2U & 1023U); + high[6U] = (int16_t)(input20 >> 12U & 1023U); + high[7U] = (int16_t)(input20 >> 22U & 1023U); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_10( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t input[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, input); + uint8_t result[22U] = {0U}; + result[0U] = (uint8_t)input[0U]; + result[1U] = (uint8_t)(input[0U] >> 8U | input[1U] << 3U); + result[2U] = (uint8_t)(input[1U] >> 5U | input[2U] << 6U); + result[3U] = (uint8_t)(input[2U] >> 2U); + result[4U] = (uint8_t)(input[2U] >> 10U | input[3U] << 1U); + result[5U] = (uint8_t)(input[3U] >> 7U | input[4U] << 4U); + result[6U] = (uint8_t)(input[4U] >> 4U | input[5U] << 7U); + result[7U] = (uint8_t)(input[5U] >> 1U); + result[8U] = (uint8_t)(input[5U] >> 9U | input[6U] << 2U); + result[9U] = (uint8_t)(input[6U] >> 6U | input[7U] << 5U); + result[10U] = (uint8_t)(input[7U] >> 3U); + result[(size_t)11U + (size_t)0U] = (uint8_t)input[(size_t)8U + (size_t)0U]; + result[(size_t)11U + (size_t)1U] = + (uint8_t)(input[(size_t)8U + (size_t)0U] >> 8U | + input[(size_t)8U + (size_t)1U] << 3U); + result[(size_t)11U + (size_t)2U] = + (uint8_t)(input[(size_t)8U + (size_t)1U] >> 5U | + input[(size_t)8U + (size_t)2U] << 6U); + result[(size_t)11U + (size_t)3U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 2U); + result[(size_t)11U + (size_t)4U] = + (uint8_t)(input[(size_t)8U + (size_t)2U] >> 10U | + input[(size_t)8U + (size_t)3U] << 1U); + result[(size_t)11U + (size_t)5U] = + (uint8_t)(input[(size_t)8U + (size_t)3U] >> 7U | + input[(size_t)8U + (size_t)4U] << 4U); + result[(size_t)11U + (size_t)6U] = + (uint8_t)(input[(size_t)8U + (size_t)4U] >> 4U | + input[(size_t)8U + (size_t)5U] << 7U); + result[(size_t)11U + (size_t)7U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 1U); + result[(size_t)11U + (size_t)8U] = + (uint8_t)(input[(size_t)8U + (size_t)5U] >> 9U | + input[(size_t)8U + (size_t)6U] << 2U); + result[(size_t)11U + (size_t)9U] = + (uint8_t)(input[(size_t)8U + (size_t)6U] >> 6U | + input[(size_t)8U + (size_t)7U] << 5U); + result[(size_t)11U + (size_t)10U] = + (uint8_t)(input[(size_t)8U + (size_t)7U] >> 3U); + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + uint8_t ret0[22U]; + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + uint8_t input0[8U] = {0U}; + uint8_t input1[8U] = {0U}; + uint8_t input2[8U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)8U, input0, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)8U, input1, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)8U, input2, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + uint8_t uu____3[8U]; + memcpy(uu____3, input0, (size_t)8U * sizeof(uint8_t)); + uint64_t input00 = core_num__u64_9__from_le_bytes(uu____3); + uint8_t uu____4[8U]; + memcpy(uu____4, input1, (size_t)8U * sizeof(uint8_t)); + uint64_t input10 = core_num__u64_9__from_le_bytes(uu____4); + uint8_t uu____5[8U]; + memcpy(uu____5, input2, (size_t)8U * sizeof(uint8_t)); + uint64_t input20 = core_num__u64_9__from_le_bytes(uu____5); + int16_t low[8U] = {0U}; + int16_t high[8U] = {0U}; + low[0U] = (int16_t)(input00 & 2047ULL); + low[1U] = (int16_t)(input00 >> 11U & 2047ULL); + low[2U] = (int16_t)(input00 >> 22U & 2047ULL); + low[3U] = (int16_t)(input00 >> 33U & 2047ULL); + low[4U] = (int16_t)(input00 >> 44U & 2047ULL); + low[5U] = (int16_t)((input00 >> 55U | input10 << 9U) & 2047ULL); + low[6U] = (int16_t)(input10 >> 2U & 2047ULL); + low[7U] = (int16_t)(input10 >> 13U & 2047ULL); + high[0U] = (int16_t)(input10 >> 24U & 2047ULL); + high[1U] = (int16_t)(input10 >> 35U & 2047ULL); + high[2U] = (int16_t)(input10 >> 46U & 2047ULL); + high[3U] = (int16_t)((input10 >> 57U | input20 << 7U) & 2047ULL); + high[4U] = (int16_t)(input20 >> 4U & 2047ULL); + high[5U] = (int16_t)(input20 >> 15U & 2047ULL); + high[6U] = (int16_t)(input20 >> 26U & 2047ULL); + high[7U] = (int16_t)(input20 >> 37U & 2047ULL); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, low, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, high, int16_t, Eurydice_slice)); + return lit; +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_11( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +inline void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)6U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)6U, + .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)14U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)12U, + .end = (size_t)18U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)24U, result, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)18U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice((size_t)32U, result32, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)30U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + uint8_t ret0[24U]; + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)16U, input0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice( + (size_t)16U, input1, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)12U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice(v, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)12U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +inline size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option__Eurydice_slice_uint8_t uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( + &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + int16_t uu____8 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____8; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + lit; + lit.coefficients[0U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[1U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[2U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[3U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[4U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[5U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[6U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[7U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[8U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[9U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[10U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[11U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[12U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[13U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[14U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + lit.coefficients[15U] = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(); + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___cond_subtract_3329( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1184size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right___15int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right___15int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right___15int32_t(v); +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + shift_right___15int32_t0(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + a, &fm); +} + +static inline void +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_12( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)384U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U * i0, .end = (size_t)24U * i0 + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + key[3U], + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1152U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U], + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1184U, public_key_serialized, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1152U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[3U]; + memcpy( + uu____1, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1184size_t_3size_t( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[3U]; + memcpy( + uu____0, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + shake128_state[2U]; +} Simd128Hash; + +static inline Simd128Hash shake128_init_absorb___3size_t( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____3, uu____4, + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___3size_t( + Simd128Hash *self, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_504size_t( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___3size_t(Simd128Hash *self, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_168size_t( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___from_i16_array( + Eurydice_slice_subslice( + a, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)16U, + .end = (i0 + (size_t)1U) * (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + result.coefficients[i0] = uu____0; + } + return result; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___3size_t(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block___3size_t(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sampled[3U]; + sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + fst[3U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t; + +static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____6[128U]; + memcpy(uu____6, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____6, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____7[128U]; + memcpy(uu____7, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____8, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)4U, + .end = chunk_number * (size_t)4U + (size_t)4U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t uu____2 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t random_bits_as_u32 = + uu____2 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, + uint8_t, uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice( + randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = chunk_number * (size_t)3U, + .end = chunk_number * (size_t)3U + (size_t)3U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint32_t uu____0 = (uint32_t)Eurydice_slice_index( + byte_chunk, (size_t)0U, uint8_t, uint8_t *, uint8_t); + uint32_t uu____1 = + uu____0 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, + uint8_t, uint8_t *, uint8_t) + << 8U; + uint32_t random_bits_as_u24 = + uu____1 | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, + uint8_t, uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, + Eurydice_slice)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + randomness); + return uu____0; +} + +static inline void +ntt_at_layer_7__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___multiply_by_constant( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + v, fer); +} + +static inline __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + b, zeta_r); + b = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + a, &t); + a = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + a, &t); + return (CLITERAL( + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .fst = a, .snd = b}); +} + +static inline void +ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + ntt_layer_int_vec_step__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline void +ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +static inline void +ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +static inline void +poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + ntt_at_layer_7__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + out = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_multiply( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +static inline void +add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___3size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[3U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1152U]; + memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____7[1184U]; + memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____3, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)2400U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___3size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)2400U, uu____7, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( + uu____1, + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[2400U]; + memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; + uint8_t uu____4[1184U]; + memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( + uu____4)); +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___3size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_1_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +static inline void +invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_2_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +static inline void +invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_3_step( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +static inline __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + b, &a); + a = libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + a, &b)); + b = montgomery_multiply_fe__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_minus_b, zeta_r); + return (CLITERAL( + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .fst = a, .snd = b}); +} + +static inline void +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + size_t *zeta_i, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + __libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R + [zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + coefficient_normal_form, &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO(), + &v), + (int16_t)1665); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + error_2, message, result); + return result; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___10int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___10int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress___10int32_t(v); +} + +static inline void +compress_then_serialize_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress___10int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_10( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)320U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)20U * i0, .end = (size_t)20U * i0 + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___11int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___11int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress___11int32_t(v); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_320size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + input[3U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * ((size_t)960U / (size_t)3U), + .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___4int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___4int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress___4int32_t(v); +} + +static inline void +compress_then_serialize_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress___4int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_4( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U * i0, .end = (size_t)8U * i0 + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + core_core_arch_arm_shared_neon_uint32x4_t compressed2 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); + return compressed2; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___5int32_t(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress___5int32_t0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress___5int32_t(v); +} + +static inline void +compress_then_serialize_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress___5int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_5( + coefficients, bytes); + Eurydice_slice uu____0 = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)10U * i0, .end = (size_t)10U * i0 + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice out) { + compress_then_serialize_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___3size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u[3U]; + compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_960size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)960U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___10int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___10int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___10int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___10int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)20U, .end = i0 * (size_t)20U + (size_t)20U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_10( + bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___10int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___11int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___11int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___11int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___11int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___11int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___11int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___11int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)22U, .end = i0 * (size_t)22U + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_11( + bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___11int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_10__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1088U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___4int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___4int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___4int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___4int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___4int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___4int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___4int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_4( + bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient___4int32_t0(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___5int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t___5int32_t(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t___5int32_t(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t___5int32_t(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t___5int32_t(high10); + core_core_arch_arm_shared_neon_int16x8_t uu____0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t uu____1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___5int32_t0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient___5int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)10U, .end = i0 * (size_t)10U + (size_t)10U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_5( + bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_4__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_normal_form = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + self->coefficients[i0], &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + v, result); + return result; +} + +static inline void +compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient_compressed = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___compress_1( + coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_1( + coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)32U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____9, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1568size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + key[4U], + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1536U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U], + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)1568U, public_key_serialized, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)1536U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[4U]; + memcpy( + uu____1, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1568size_t_4size_t( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[4U]; + memcpy( + uu____0, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline Simd128Hash shake128_init_absorb___4size_t( + uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____3 = &state[1U]; + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____3, uu____4, + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___4size_t( + Simd128Hash *self, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____7[504U]; + memcpy(uu____7, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_504size_t( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___4size_t(Simd128Hash *self, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &self->shake128_state[1U]; + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_168size_t( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___4size_t(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block___4size_t(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sampled[4U]; + sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + fst[4U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t; + +static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____3, uu____4, uu____5, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____6[128U]; + memcpy(uu____6, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____6, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____7[128U]; + memcpy(uu____7, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____8, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____9[128U]; + memcpy(uu____9, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____9, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___4size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____3, domain_separator) + .fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[4U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[1536U]; + memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____7[1568U]; + memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____3, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)3168U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___4size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____7, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( + uu____1, + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[3168U]; + memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; + uint8_t uu____4[1568U]; + memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( + uu____4)); +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___4size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + error_2, message, result); + return result; +} + +static inline void +compress_then_serialize_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress___11int32_t0( + to_unsigned_representative__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_11( + coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)352U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)22U * i0, .end = (size_t)22U * i0 + (size_t)22U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +static inline void +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re, + uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_352size_t( + re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + input[4U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * ((size_t)1408U / (size_t)4U), + .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t_352size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re, + Eurydice_slice out) { + compress_then_serialize_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + re, out); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___4size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u[4U]; + compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1408size_t_11size_t_352size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)1408U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t_160size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_11__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(&zeta_i, + re); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_11size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)1568U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_11size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + deserialize_then_decompress_5__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + serialized); + return uu____0; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[4U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_11size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_5size_t( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____9, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_800size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + key[2U], + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)768U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = (i0 + (size_t)1U) * + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +static inline void +serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U], + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)800U, public_key_serialized, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)768U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[2U]; + memcpy( + uu____1, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( + uu____1, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_800size_t_2size_t( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[2U]; + memcpy( + uu____0, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { + uint8_t digest[64U] = {0U}; + libcrux_sha3_neon_sha512( + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); +} + +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline Simd128Hash shake128_init_absorb___2size_t( + uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + uu____0 = libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U] = {uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____1 = state; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + uu____1, uu____2, + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy( + lit.shake128_state, state, + (size_t)2U * + sizeof( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t)); + return lit; +} + +static inline void shake128_squeeze_three_blocks___2size_t( + Simd128Hash *self, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[504U]; + memcpy(uu____2, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_504size_t( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)504U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static inline void shake128_squeeze_block___2size_t(Simd128Hash *self, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = self->shake128_state; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + uu____0, uu____1, + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____2[168U]; + memcpy(uu____2, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +static inline bool +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_168size_t( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)168U, randomness[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = r * (size_t)24U, + .end = r * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + size_t sampled = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + uu____0, + Eurydice_array_to_subslice( + (size_t)272U, out[i1], + (CLITERAL(core_ops_range_Range__size_t){ + .start = sampled_coefficients[i1], + .end = sampled_coefficients[i1] + (size_t)16U}), + int16_t, core_ops_range_Range__size_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + int16_t s[272U]) { + return from_i16_array__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_array_to_subslice((size_t)272U, s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)256U}), + int16_t, core_ops_range_Range__size_t, + Eurydice_slice)); +} + +static inline void +sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb___2size_t(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_504size_t( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block___2size_t(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_168size_t( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t0( + uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sampled[2U]; + sample_from_xof__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + uu____1, sampled); + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy( + ret, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U])); +} + +typedef struct + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + fst[2U]; + uint8_t snd; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t; + +static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____3[192U]; + memcpy(uu____3, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____3, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____4[192U]; + memcpy(uu____4, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____4, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + Eurydice_slice randomness) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0; + uu____0 = + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + randomness); + return uu____0; +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void +add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + self->coefficients[i0], &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +static inline void +compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = matrix_A[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *matrix_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result[i1], &product); + } + add_standard_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G___2size_t(key_generation_seed, hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + uu____2 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____3, domain_separator) + .fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U]; + compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uu____4, seed_for_A, public_key_serialized); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[2U]; + memcpy( + uu____5, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( + uu____5, secret_key_serialized); + uint8_t uu____6[768U]; + memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____7[800U]; + memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_neon_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____1, + .end = uu____2 + + core_slice___Slice_T___len(private_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____3, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____4, + .end = uu____5 + + core_slice___Slice_T___len(public_key, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)1632U, out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = pointer, + .end = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret0[32U]; + H___2size_t(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)1632U, uu____7, + (CLITERAL(core_ops_range_Range__size_t){ + .start = uu____8, + .end = uu____9 + core_slice___Slice_T___len( + implicit_rejection_value, uint8_t, size_t)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice uu____1 = Eurydice_array_to_slice( + (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( + uu____1, + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____2[1632U]; + memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( + uu____2); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; + uint8_t uu____4[800U]; + memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( + uu____3, + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( + uu____4)); +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____3[128U]; + memcpy(uu____3, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____3, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____4[128U]; + memcpy(uu____4, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____4, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + lit.snd = domain_separator; + return lit; +} + +static inline void PRF___2size_t_128size_t(Eurydice_slice input, + uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +static inline void +invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &zeta_i, re, (size_t)7U); + poly_barrett_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(re); +} + +static inline void +compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ( + *a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for ( + size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U], + size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *row = a_as_ntt[i1]; + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result[i1], &product); + } + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result[i1]); + add_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result); + result = + add_message_error_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + error_2, message, result); + return result; +} + +static void +compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + input[2U], + Eurydice_slice out) { + for ( + size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice( + out, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * ((size_t)640U / (size_t)2U), + .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t_320size_t( + &re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +static void +encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + ret0, false, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + uu____1 = + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t__uint8_t + uu____3 = + sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_128size_t_2size_t( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF___2size_t_128size_t( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + error_2 = + sample_from_binomial_distribution__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u[2U]; + compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + A_transpose, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message_as_ring_element = + deserialize_then_decompress_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_640size_t_10size_t_320size_t( + uu____5, Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)640U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6 = v; + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_128size_t( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___2size_t( + Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___800size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_10size_t( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice( + (size_t)768U, ciphertext, + (CLITERAL(core_ops_range_Range__size_t){ + .start = + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + .end = i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_10size_t( + &u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + result = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + product = + ntt_multiply__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + v, result); + return result; +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + u_as_ntt[2U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_10size_t( + ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + message = + compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + &v, secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0 = input; + Eurydice_slice uu____1 = input; + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice); + libcrux_sha3_neon_x2_shake256( + uu____0, uu____1, uu____2, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____5, uu____6, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____7 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____9, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h new file mode 100644 index 000000000..0d427dbd8 --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -0,0 +1,301 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d + */ + +#ifndef __libcrux_mlkem_neon_H +#define __libcrux_mlkem_neon_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" +#include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" +#include "libcrux_sha3_neon.h" + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ZERO( + void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___from_i16_array( + Eurydice_slice array); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_1( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_4( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_5( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_10( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_11( + Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +void libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +size_t +libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___rej_sample( + Eurydice_slice a, Eurydice_slice out); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___clone( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +typedef struct + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem_neon_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4e0f1677d..1c2f4d186 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "internal/libcrux_mlkem_portable.h" @@ -44,524 +44,9 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( - void) { - libcrux_ml_kem_vector_portable_PortableVector lit; +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = (int16_t)0; lit.elements[1U] = (int16_t)0; lit.elements[2U] = (int16_t)0; @@ -581,15 +66,16 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( return lit; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO( void) { - return libcrux_ml_kem_vector_zero(); + return libcrux_ml_kem_vector_portable_vector_type_zero(); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { - libcrux_ml_kem_vector_portable_PortableVector lit; +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2( @@ -606,15 +92,16 @@ libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { return lit; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice array) { - return libcrux_ml_kem_vector_from_i16_array(array); + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -624,16 +111,17 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( return lhs; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { - return libcrux_ml_kem_vector_add(lhs, rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -643,16 +131,16 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( return lhs; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { - return libcrux_ml_kem_vector_sub(lhs, rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -662,15 +150,15 @@ libcrux_ml_kem_vector_multiply_by_constant( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_multiply_by_constant(v, c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -680,15 +168,16 @@ libcrux_ml_kem_vector_bitwise_and_with_constant( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){ @@ -711,78 +200,92 @@ libcrux_ml_kem_vector_cond_subtract_3329( } } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_cond_subtract_3329(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) { - int32_t t = (int32_t)value * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); +int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); int16_t quotient = - (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); v.elements[i0] = uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_barrett_reduce(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) { +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { int32_t k = (int32_t)(int16_t)value * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; int32_t k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> - (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); int16_t value_high = - (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); return value_high - c; } -inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( +inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * - (int32_t)fer); + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); v.elements[i0] = uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) { +uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; @@ -790,80 +293,91 @@ uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) { return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_compress_1( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient( - (uint16_t)v.elements[i0]); + uint8_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); v.elements[i0] = (int16_t)uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_compress_1(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits( +inline uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value) { return value & ((1U << (uint32_t)n) - 1U); } -int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( +int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; - return (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[2U], zeta0); + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[2U], zeta0); v.elements[2U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[3U], zeta0); + int16_t t0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[3U], zeta0); v.elements[3U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[6U], zeta1); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[6U], zeta1); v.elements[6U] = v.elements[4U] - t1; v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[7U], zeta1); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta1); v.elements[7U] = v.elements[5U] - t2; v.elements[5U] = v.elements[5U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)2U], zeta2); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)2U], zeta2); v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)3U], zeta2); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)3U], zeta2); v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)6U], zeta3); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta3); v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)7U], zeta3); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta3); v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; v.elements[(size_t)8U + (size_t)5U] = @@ -871,53 +385,62 @@ libcrux_ml_kem_vector_ntt_layer_1_step( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1) { - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[4U], zeta0); + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[4U], zeta0); v.elements[4U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[5U], zeta0); + int16_t t0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[5U], zeta0); v.elements[5U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[6U], zeta0); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[6U], zeta0); v.elements[6U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[7U], zeta0); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta0); v.elements[7U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)4U], zeta1); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)4U], zeta1); v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)5U], zeta1); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)5U], zeta1); v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)6U], zeta1); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta1); v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)7U], zeta1); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta1); v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; v.elements[(size_t)8U + (size_t)3U] = @@ -925,274 +448,320 @@ libcrux_ml_kem_vector_ntt_layer_2_step( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { int16_t t = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[8U], zeta); v.elements[8U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; int16_t t0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[9U], zeta); v.elements[9U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[10U], zeta); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[10U], zeta); v.elements[10U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[11U], zeta); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[11U], zeta); v.elements[11U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[12U], zeta); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[12U], zeta); v.elements[12U] = v.elements[4U] - t3; v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[13U], zeta); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[13U], zeta); v.elements[13U] = v.elements[5U] - t4; v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[14U], zeta); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[14U], zeta); v.elements[14U] = v.elements[6U] - t5; v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[15U], zeta); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[15U], zeta); v.elements[15U] = v.elements[7U] - t6; v.elements[7U] = v.elements[7U] + t6; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[0U] + v.elements[2U]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[0U] + v.elements[2U]); v.elements[0U] = uu____0; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta0); v.elements[2U] = uu____1; int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t uu____2 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[1U] + v.elements[3U]); + int16_t uu____2 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[1U] + v.elements[3U]); v.elements[1U] = uu____2; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta0); v.elements[3U] = uu____3; int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t uu____4 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[4U] + v.elements[6U]); + int16_t uu____4 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[4U] + v.elements[6U]); v.elements[4U] = uu____4; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta1); v.elements[6U] = uu____5; int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t uu____6 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[5U] + v.elements[7U]); + int16_t uu____6 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[5U] + v.elements[7U]); v.elements[5U] = uu____6; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta1); v.elements[7U] = uu____7; int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t uu____8 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)0U] + - v.elements[(size_t)8U + (size_t)2U]); + int16_t uu____8 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); v.elements[(size_t)8U + (size_t)0U] = uu____8; int16_t uu____9 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta2); v.elements[(size_t)8U + (size_t)2U] = uu____9; int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t uu____10 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)1U] + - v.elements[(size_t)8U + (size_t)3U]); + int16_t uu____10 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); v.elements[(size_t)8U + (size_t)1U] = uu____10; int16_t uu____11 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta2); v.elements[(size_t)8U + (size_t)3U] = uu____11; int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____12 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)4U] + - v.elements[(size_t)8U + (size_t)6U]); + int16_t uu____12 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); v.elements[(size_t)8U + (size_t)4U] = uu____12; int16_t uu____13 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta3); v.elements[(size_t)8U + (size_t)6U] = uu____13; int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____14 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)5U] + - v.elements[(size_t)8U + (size_t)7U]); + int16_t uu____14 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); v.elements[(size_t)8U + (size_t)5U] = uu____14; int16_t uu____15 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta3); v.elements[(size_t)8U + (size_t)7U] = uu____15; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, - zeta3); + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1) { int16_t a_minus_b = v.elements[4U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[4U]; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta0); v.elements[4U] = uu____0; int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[5U]; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta0); v.elements[5U] = uu____1; int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[6U]; int16_t uu____2 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta0); v.elements[6U] = uu____2; int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[7U]; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta0); v.elements[7U] = uu____3; int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + (size_t)0U]; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + v.elements[(size_t)8U + (size_t)4U]; int16_t uu____4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta1); v.elements[(size_t)8U + (size_t)4U] = uu____4; int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + v.elements[(size_t)8U + (size_t)5U]; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta1); v.elements[(size_t)8U + (size_t)5U] = uu____5; int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + v.elements[(size_t)8U + (size_t)6U]; int16_t uu____6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta1); v.elements[(size_t)8U + (size_t)6U] = uu____6; int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + v.elements[(size_t)8U + (size_t)7U]; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta1); v.elements[(size_t)8U + (size_t)7U] = uu____7; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { int16_t a_minus_b = v.elements[8U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[8U]; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); v.elements[8U] = uu____0; int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[9U]; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta); v.elements[9U] = uu____1; int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[10U]; int16_t uu____2 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta); v.elements[10U] = uu____2; int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[11U]; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta); v.elements[11U] = uu____3; int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; v.elements[4U] = v.elements[4U] + v.elements[12U]; int16_t uu____4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta); v.elements[12U] = uu____4; int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; v.elements[5U] = v.elements[5U] + v.elements[13U]; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta); v.elements[13U] = uu____5; int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; v.elements[6U] = v.elements[6U] + v.elements[14U]; int16_t uu____6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta); v.elements[14U] = uu____6; int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; v.elements[7U] = v.elements[7U] + v.elements[15U]; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta); v.elements[15U] = uu____7; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -inline K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( +inline K___int16_t_int16_t +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta) { int16_t a0 = _.fst; int16_t a1 = _.snd; int16_t b0 = _0.fst; int16_t b1 = _0.snd; int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_reduce_element( - uu____0 + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element( - (int32_t)a1 * (int32_t)b1) * - (int32_t)zeta); + int16_t uu____1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + uu____0 + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a1 * (int32_t)b1) * + (int32_t)zeta); return (CLITERAL(K___int16_t_int16_t){ .fst = uu____1, - .snd = libcrux_ml_kem_vector_montgomery_reduce_element( - (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); -} - -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_PortableVector out = - libcrux_ml_kem_vector_zero(); + .snd = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); +} + +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_vector_type_zero(); K___int16_t_int16_t lit0; lit0.fst = lhs->elements[0U]; lit0.snd = lhs->elements[1U]; @@ -1200,7 +769,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit1.fst = rhs->elements[0U]; lit1.snd = rhs->elements[1U]; K___int16_t_int16_t product = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit0, lit1, + zeta0); out.elements[0U] = product.fst; out.elements[1U] = product.snd; K___int16_t_int16_t lit2; @@ -1210,7 +780,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit3.fst = rhs->elements[2U]; lit3.snd = rhs->elements[3U]; K___int16_t_int16_t product0 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit2, lit3, + -zeta0); out.elements[2U] = product0.fst; out.elements[3U] = product0.snd; K___int16_t_int16_t lit4; @@ -1220,7 +791,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit5.fst = rhs->elements[4U]; lit5.snd = rhs->elements[5U]; K___int16_t_int16_t product1 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit4, lit5, + zeta1); out.elements[4U] = product1.fst; out.elements[5U] = product1.snd; K___int16_t_int16_t lit6; @@ -1230,7 +802,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit7.fst = rhs->elements[6U]; lit7.snd = rhs->elements[7U]; K___int16_t_int16_t product2 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit6, lit7, + -zeta1); out.elements[6U] = product2.fst; out.elements[7U] = product2.snd; K___int16_t_int16_t lit8; @@ -1240,7 +813,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; K___int16_t_int16_t product3 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit8, lit9, + zeta2); out.elements[(size_t)8U + (size_t)0U] = product3.fst; out.elements[(size_t)8U + (size_t)1U] = product3.snd; K___int16_t_int16_t lit10; @@ -1250,7 +824,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; K___int16_t_int16_t product4 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit10, lit11, + -zeta2); out.elements[(size_t)8U + (size_t)2U] = product4.fst; out.elements[(size_t)8U + (size_t)3U] = product4.snd; K___int16_t_int16_t lit12; @@ -1260,7 +835,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; K___int16_t_int16_t product5 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit12, lit13, + zeta3); out.elements[(size_t)8U + (size_t)4U] = product5.fst; out.elements[(size_t)8U + (size_t)5U] = product5.snd; K___int16_t_int16_t lit14; @@ -1270,23 +846,25 @@ libcrux_ml_kem_vector_ntt_multiply( lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; K___int16_t_int16_t product6 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit14, lit, + -zeta3); out.elements[(size_t)8U + (size_t)6U] = product6.fst; out.elements[(size_t)8U + (size_t)7U] = product6.snd; return out; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, - zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); } -inline void libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { uint8_t result[2U] = {0U}; KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; @@ -1301,17 +879,18 @@ inline void libcrux_ml_kem_vector_serialize_1( memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { uint8_t ret0[2U]; - libcrux_ml_kem_vector_serialize_1(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret0); memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8(i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; uint8_t *uu____0 = &Eurydice_slice_index( v, (size_t)0U, uint8_t, uint8_t *, uint8_t); @@ -1328,14 +907,15 @@ libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_1(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -inline void libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { uint8_t result[8U] = {0U}; result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; @@ -1356,17 +936,18 @@ inline void libcrux_ml_kem_vector_serialize_4( memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { uint8_t ret0[8U]; - libcrux_ml_kem_vector_serialize_4(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector v = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); @@ -1418,14 +999,15 @@ libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) { return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_4(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } -inline void libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { uint8_t result[10U] = {0U}; result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); result[1U] = @@ -1456,17 +1038,18 @@ inline void libcrux_ml_kem_vector_serialize_5( memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { uint8_t ret0[10U]; - libcrux_ml_kem_vector_serialize_5(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector v = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); @@ -1557,14 +1140,15 @@ libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) { return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_5(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -inline void libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { uint8_t result[20U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) << 2U | @@ -1621,17 +1205,18 @@ inline void libcrux_ml_kem_vector_serialize_10( memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { uint8_t ret0[20U]; - libcrux_ml_kem_vector_serialize_10(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) @@ -1751,14 +1336,15 @@ libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_10(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -inline void libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { uint8_t result[22U] = {0U}; result[0U] = (uint8_t)v.elements[0U]; result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | @@ -1815,17 +1401,18 @@ inline void libcrux_ml_kem_vector_serialize_11( memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { uint8_t ret0[22U]; - libcrux_ml_kem_vector_serialize_11(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) @@ -1963,14 +1550,15 @@ libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_11(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -inline void libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[24U]) { uint8_t result[24U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); result[1U] = @@ -2015,17 +1603,18 @@ inline void libcrux_ml_kem_vector_serialize_12( memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { uint8_t ret0[24U]; - libcrux_ml_kem_vector_serialize_12(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector re = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, @@ -2093,14 +1682,14 @@ libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) { return re; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_12(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); } -inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, - Eurydice_slice result) { +inline size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( + Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; core_slice_iter_Chunks iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( @@ -2175,61 +1764,61 @@ inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, } size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_rej_sample(a, out); + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___clone( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) { return self[0U]; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -ZERO__libcrux_ml_kem_vector_portable_PortableVector(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.coefficients[0U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[1U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[2U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[3U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[4U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[5U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[6U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[7U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[8U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[9U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[10U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[11U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[12U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[13U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[14U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[15U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2240,11 +1829,11 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( coefficient); re.coefficients[i0] = uu____0; } @@ -2252,15 +1841,16 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1568size_t_4size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2273,9 +1863,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } @@ -2283,11 +1873,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_vector_portable_PortableVector -shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +shift_right___15int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2296,36 +1887,38 @@ shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { return v; } -static libcrux_ml_kem_vector_portable_PortableVector shift_right___15int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +shift_right___15int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return shift_right___15int32_t(v); } -static libcrux_ml_kem_vector_portable_PortableVector -to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a) { - libcrux_ml_kem_vector_portable_PortableVector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_portable_PortableVector fm = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + shift_right___15int32_t0(a); + libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &fm); } static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)384U, serialized, @@ -2341,8 +1934,8 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVect } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector key[4U], uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2352,13 +1945,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1536U, out, @@ -2368,7 +1961,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -2379,8 +1972,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U], Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2389,15 +1982,15 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[4U]; memcpy( uu____1, t_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -2411,23 +2004,23 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1568size_t_4size_t( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[4U]; memcpy( uu____0, deserialized_pk, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2445,19 +2038,20 @@ static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____4size_t_s { @@ -2504,7 +2098,7 @@ static inline void shake128_squeeze_three_blocks___4size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_504size_t( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2520,7 +2114,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -2558,7 +2152,7 @@ static inline void shake128_squeeze_block___4size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_168size_t( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2574,7 +2168,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -2598,16 +2192,17 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice_subslice( a, (CLITERAL(core_ops_range_Range__size_t){ @@ -2619,10 +2214,10 @@ from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( return result; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -2631,9 +2226,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; @@ -2645,7 +2240,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { @@ -2656,36 +2251,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[4U][272U]; memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; @@ -2698,9 +2293,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uu____1, sampled); for ( size_t i = (size_t)0U; @@ -2708,13 +2303,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; @@ -2726,16 +2321,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[4U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t; static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { @@ -2750,8 +2345,8 @@ static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -2793,13 +2388,13 @@ sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVect sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -2839,76 +2434,77 @@ sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVect sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( randomness); return uu____0; } static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_at_layer_7__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector t = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( re->coefficients[j], &t); re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( re->coefficients[j], &t); re->coefficients[j] = uu____1; } } typedef struct - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector_s { - libcrux_ml_kem_vector_portable_PortableVector fst; - libcrux_ml_kem_vector_portable_PortableVector snd; -} __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector; - -static libcrux_ml_kem_vector_portable_PortableVector -montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t fer) { - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector snd; +} __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( v, fer); } -static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_portable_PortableVector t = - montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( +static inline __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector b, + int16_t zeta_r) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( b, zeta_r); - b = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + b = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( a, &t); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &t); return (CLITERAL( - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .fst = a, .snd = b}); } static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2920,14 +2516,14 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( size_t step_vec = step / (size_t)16U; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( + ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R [zeta_i[0U]]); - libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2935,30 +2531,30 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re->coefficients[round] = uu____0;); } static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + @@ -2967,15 +2563,15 @@ ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + @@ -2988,45 +2584,50 @@ ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( self->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_7__libcrux_ml_kem_vector_portable_vector_type_PortableVector(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3040,45 +2641,45 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[4U]; memcpy( uu____2, re_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - out = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + out = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( &self->coefficients[i0], &rhs->coefficients[i0], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], @@ -3097,84 +2698,87 @@ ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } -static libcrux_ml_kem_vector_portable_PortableVector -to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +to_standard_domain__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( - self->coefficients[j]); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + to_standard_domain__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + self->coefficients[j]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; @@ -3182,32 +2786,33 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); @@ -3218,64 +2823,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____3, domain_separator) .fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[4U]; memcpy( uu____4, t_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[4U]; memcpy( uu____5, secret_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( uu____5, secret_key_serialized); uint8_t uu____6[1536U]; memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); @@ -3356,7 +2961,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -3369,7 +2974,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); @@ -3410,15 +3015,16 @@ entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_ } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3431,9 +3037,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } @@ -3441,17 +3047,18 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3465,26 +3072,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[4U]; memcpy( uu____2, error_1, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } @@ -3499,15 +3106,15 @@ static inline void PRF___4size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - @@ -3520,15 +3127,15 @@ invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - @@ -3537,41 +3144,42 @@ invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re->coefficients[round] = uu____0;); } -static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_portable_PortableVector a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( +static inline __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector b, + int16_t zeta_r) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( b, &a); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( + b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( a_minus_b, zeta_r); return (CLITERAL( - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .fst = a, .snd = b}); } static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3585,14 +3193,14 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R [zeta_i[0U]]); - libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -3600,78 +3208,81 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; @@ -3679,168 +3290,179 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static libcrux_ml_kem_vector_portable_PortableVector -decompress_1__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(), +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +decompress_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(), &v), (int16_t)1665); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - decompress_1__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + decompress_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &message->coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( tmp0); result.coefficients[i0] = uu____0; } return result; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___10int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___10int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___10int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___10int32_t(v); } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___11int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___11int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___11int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___11int32_t(v); } static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___11int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)352U, serialized, @@ -3856,19 +3478,19 @@ compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352siz } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( + compress_then_serialize_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector_352size_t( re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[4U], Eurydice_slice out) { for ( @@ -3877,13 +3499,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -3892,7 +3514,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t_352size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -3901,37 +3523,40 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t } } -static inline libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___4int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___4int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___4int32_t(v); } static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___4int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, @@ -3945,37 +3570,40 @@ compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( } } -static inline libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___5int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___5int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___5int32_t(v); } static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficients = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = compress___5int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re.coefficients[i0])); uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( coefficients, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, @@ -3990,102 +3618,102 @@ compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector(re, - out); + compress_then_serialize_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re, out); } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[4U]; memcpy( error_1, uu____3.fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___4size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[4U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1408size_t_11size_t_352size_t( uu____5, Eurydice_array_to_subslice( (size_t)1568U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t_160size_t( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -4105,7 +3733,7 @@ kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_156 } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -4151,7 +3779,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4170,9 +3798,9 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4185,17 +3813,17 @@ decompress_ciphertext_coefficient___10int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___10int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___10int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4206,19 +3834,19 @@ deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)20U, .end = i0 * (size_t)20U + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4231,17 +3859,17 @@ decompress_ciphertext_coefficient___11int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___11int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___11int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4252,56 +3880,61 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)22U, .end = i0 * (size_t)22U + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_11size_t( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4322,24 +3955,24 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4352,17 +3985,17 @@ decompress_ciphertext_coefficient___4int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___4int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___4int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4372,19 +4005,19 @@ deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4397,17 +4030,17 @@ decompress_ciphertext_coefficient___5int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___5int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___5int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -4418,33 +4051,33 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)10U, .end = i0 * (size_t)10U + (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( bytes); re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector uu____1 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -4455,8 +4088,8 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_Portabl (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( bytes); re.coefficients[i0] = uu____0; } @@ -4464,15 +4097,16 @@ deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_Portabl } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4485,9 +4119,9 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -4495,70 +4129,75 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( ret, secret_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( self->coefficients[i0], &coefficient_normal_form)); b.coefficients[i0] = uu____0; } return b; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re.coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - coefficient); + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + coefficient); uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)32U, serialized, @@ -4573,27 +4212,27 @@ compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_11size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4607,7 +4246,7 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -4632,7 +4271,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( @@ -4673,7 +4312,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( @@ -4702,15 +4341,16 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1184size_t_3size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4723,9 +4363,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } @@ -4733,12 +4373,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector key[3U], uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4748,13 +4388,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1152U, out, @@ -4764,7 +4404,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4775,8 +4415,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U], Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -4785,15 +4425,15 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[3U]; memcpy( uu____1, t_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4807,23 +4447,23 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1184size_t_3size_t( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[3U]; memcpy( uu____0, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -4841,19 +4481,20 @@ static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____3size_t_s { @@ -4900,7 +4541,7 @@ static inline void shake128_squeeze_three_blocks___3size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_504size_t( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -4916,7 +4557,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -4954,7 +4595,7 @@ static inline void shake128_squeeze_block___3size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_168size_t( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -4970,7 +4611,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -4994,10 +4635,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -5006,9 +4647,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; @@ -5020,7 +4661,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { @@ -5031,36 +4672,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[3U][272U]; memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; @@ -5073,9 +4714,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uu____1, sampled); for ( size_t i = (size_t)0U; @@ -5083,13 +4724,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; @@ -5101,16 +4742,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[3U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t; static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { @@ -5125,14 +4766,15 @@ static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -5146,84 +4788,86 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } static inline void -add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; @@ -5231,32 +4875,33 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); @@ -5267,64 +4912,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____3, domain_separator) .fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[3U]; memcpy( uu____4, t_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[3U]; memcpy( uu____5, secret_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( uu____5, secret_key_serialized); uint8_t uu____6[1152U]; memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5405,7 +5050,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -5418,7 +5063,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); @@ -5459,15 +5104,16 @@ entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_ } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5480,9 +5126,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } @@ -5490,17 +5136,18 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -5514,26 +5161,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[3U]; memcpy( uu____2, error_1, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } @@ -5548,58 +5195,60 @@ static inline void PRF___3size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; @@ -5607,74 +5256,77 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___10int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)320U, serialized, @@ -5690,19 +5342,19 @@ compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320siz } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( + compress_then_serialize_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector_320size_t( re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[3U], Eurydice_slice out) { for ( @@ -5711,13 +5363,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -5726,7 +5378,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -5736,102 +5388,102 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector(re, - out); + compress_then_serialize_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re, out); } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[3U]; memcpy( error_1, uu____3.fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___3size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[3U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_960size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)1088U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -5851,7 +5503,7 @@ kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_108 } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -5897,7 +5549,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5916,46 +5568,51 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_10size_t( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -5976,42 +5633,43 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6024,9 +5682,9 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -6034,55 +5692,58 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( ret, secret_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_10size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6096,7 +5757,7 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = @@ -6120,7 +5781,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( @@ -6161,7 +5822,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( @@ -6190,15 +5851,16 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_800size_t_2size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6211,9 +5873,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } @@ -6221,12 +5883,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector key[2U], uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6236,13 +5898,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)768U, out, @@ -6252,7 +5914,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -6263,8 +5925,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U], Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; @@ -6273,15 +5935,15 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[2U]; memcpy( uu____1, t_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( uu____1, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -6295,23 +5957,23 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_800size_t_2size_t( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[2U]; memcpy( uu____0, deserialized_pk, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -6329,19 +5991,20 @@ static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____2size_t_s { @@ -6388,7 +6051,7 @@ static inline void shake128_squeeze_three_blocks___2size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_504size_t( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6404,7 +6067,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -6442,7 +6105,7 @@ static inline void shake128_squeeze_block___2size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_168size_t( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6458,7 +6121,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -6482,10 +6145,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -6494,9 +6157,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; @@ -6508,7 +6171,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { @@ -6519,36 +6182,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[2U][272U]; memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; @@ -6561,9 +6224,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uu____1, sampled); for ( size_t i = (size_t)0U; @@ -6571,13 +6234,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; @@ -6589,16 +6252,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[2U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t; static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { @@ -6613,25 +6276,26 @@ static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( randomness); return uu____0; } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6645,84 +6309,86 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } static inline void -add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; @@ -6730,32 +6396,33 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); @@ -6766,64 +6433,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____3, domain_separator) .fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[2U]; memcpy( uu____4, t_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uu____4, seed_for_A, public_key_serialized); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[2U]; memcpy( uu____5, secret_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( uu____5, secret_key_serialized); uint8_t uu____6[768U]; memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); @@ -6904,7 +6571,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, @@ -6917,7 +6584,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); @@ -6958,15 +6625,16 @@ entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_ } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6979,9 +6647,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } @@ -6989,7 +6657,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], @@ -7005,14 +6673,15 @@ static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -7026,26 +6695,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } @@ -7060,58 +6729,60 @@ static inline void PRF___2size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; @@ -7119,62 +6790,65 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[2U], Eurydice_slice out) { for ( @@ -7183,13 +6857,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -7198,7 +6872,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -7208,93 +6882,93 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[2U]; memcpy( error_1, uu____3.fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___2size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[2U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_640size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)768U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -7314,7 +6988,7 @@ kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768 } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -7360,7 +7034,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7380,15 +7054,16 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_10size_t( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -7409,31 +7084,32 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7446,9 +7122,9 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -7456,55 +7132,58 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( ret, secret_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_10size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &v, secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7518,7 +7197,7 @@ static inline void PRF___2size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { @@ -7543,7 +7222,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( @@ -7584,7 +7263,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 7d4843f6c..7161ffacf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem_portable_H @@ -27,288 +27,306 @@ extern "C" { #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - -typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_PortableVector; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero(void); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO( void); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice array); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R \ - ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); +int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value); -int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, - int16_t fer); +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t r); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); +uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_compress_1( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, - uint32_t value); +uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value); -int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( +int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); typedef struct K___int16_t_int16_t_s { int16_t fst; int16_t snd; } K___int16_t_int16_t; -K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( +K___int16_t_int16_t libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -void libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[24U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( Eurydice_slice a); -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, - Eurydice_slice result); +size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( + Eurydice_slice a, Eurydice_slice result); size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( Eurydice_slice a, Eurydice_slice out); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___clone( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *self); typedef struct - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_s { - libcrux_ml_kem_vector_portable_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 21f3d5702..3f2613c81 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 9f8d2d177..3c4230c09 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,2036 +1,111 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -static inline core_core_arch_x86___m256i zero(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static inline core_core_arch_x86___m256i _veor5q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)1, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)63, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vrax1q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_x86___m256i rotate_left1_and_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_x86___m256i _vbcaxq_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i and_not_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_x86___m256i _veorq_n_u64( - core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -static inline core_core_arch_x86___m256i xor_constant( - core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - a[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - a[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = Eurydice_slice_subslice(a[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -new__core_core_arch_x86___m256i_4size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)41, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)23, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)18, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)46, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)10, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)54, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)45, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)19, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)6, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)58, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)15, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)49, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)55, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)9, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)27, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)37, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)14, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)50, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_x86___m256i uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_x86___m256i uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_x86___m256i uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_x86___m256i c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_x86___m256i uu____0 = and_not_xor( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - size_t i) { - core_core_arch_x86___m256i uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho__core_core_arch_x86___m256i_4size_t(s); - pi__core_core_arch_x86___m256i_4size_t(s); - chi__core_core_arch_x86___m256i_4size_t(s); - iota__core_core_arch_x86___m256i_4size_t(s, i0); - } -} - -static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline void load_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; +inline void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = { - uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - uint8_t ret0[4U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = new__core_core_arch_x86___m256i_4size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - return new__core_core_arch_x86___m256i_4size_t(); -} - -static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___168size_t0(s->st, out); + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - s, buf); +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 3f123391e..9ef69a0a4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_avx2_H @@ -15,38 +15,32 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; +#include "libcrux_sha3_neon.h" void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 8c78b4214..df62eb1e3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h index 4627e4a1d..818e0acac 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h +++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_libcrux_ml_kem_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index d2967a194..667d7904c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,187 +1,2887 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 +static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t rotate_left1_and_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t and_not_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veorq_n_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor_constant( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor0( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static inline void slice_2(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = Eurydice_slice_subslice(a[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_n(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t(uu____0, uu____1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___3int32_t_61int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___20int32_t_44int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_arm_shared_neon_uint64x2_t uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_arm_shared_neon_uint64x2_t uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_arm_shared_neon_uint64x2_t uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_arm_shared_neon_uint64x2_t uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_arm_shared_neon_uint64x2_t uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_arm_shared_neon_uint64x2_t[5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( + i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + size_t i) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); + } +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___72size_t(uu____0, buf); +} + +static inline void load_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___72size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___72size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___72size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___72size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + s, o1); + } + } +} + +static inline void keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___72size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___136size_t_6uint8_t(uu____0, buf); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2___136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); +} + +static inline void load_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block_full___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___168size_t(uu____0, buf); +} + +static inline void load_block_full___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1) { + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___168size_t0(s->st, out); +} + +static inline void +squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o1); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o2); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void load_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___144size_t(uu____0, buf); +} + +static inline void load_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___144size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___144size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___144size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___144size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + s, o1); + } + } +} + +static inline void keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___144size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___104size_t(uu____0, buf); +} + +static inline void load_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___104size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___104size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___104size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___104size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + s, o1); + } + } +} + +static inline void keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___104size_t_6uint8_t(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 0450e6907..f8b0db637 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 409fe455 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_neon_H @@ -17,6 +17,11 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -24,24 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data);